[Snort-sigs] Skype

Chich Thierry thierry.chich at ...2579...
Thu Dec 16 05:09:01 EST 2004


This a short and badly written rule that detect when skype check fo a new 
version - ie when it is launched. I didn't make the choice to precise the 
destination address: it is 212.72.49.131,  but it could easily change. 


alert tcp $HOME_NET any -> !$HOME_NET 80 (msg:"Skype get latest version";
content:"GET";content:"getlatestversion?ver=";classtype:policy-violation;
reference:url,http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf ;)


Regards,

Thierry Chich




More information about the Snort-sigs mailing list