[Snort-sigs] Yahoo Instant Messenger Login
spyguy703 at ...817...
Fri Jan 24 09:05:06 EST 2003
I am still trying to create a rule to detect logins to Yahoo Instant
Users are connecting on both port 23 and port 80.
I am not trying to capture logins, I just need to know how many
individual users are using the service.
Here is what I came up with, but it generates too many alerts.
alert tcp $HOME_NET any -> $YIM_SERVERS any (content: "YMSG"; flags: PA;
More information about the Snort-sigs