[Snort-sigs] snort not detect messenger spam ? (snort240b18+snortrules24)

rmkml rmkml at ...324...
Tue Aug 16 08:55:35 EDT 2005


ok,
but messenger trafic is WORM,
you don't receive this trafic on internet cnx ?
Regards
Rmkml


On Tue, 16 Aug 2005, Jason wrote:

> Date: Tue, 16 Aug 2005 11:49:21 -0400
> From: Jason <security at ...704...>
> To: rmkml <rmkml at ...324...>
> Cc: Snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] snort not detect messenger spam ?
>     (snort240b18+snortrules24)
> 
>
>
> rmkml wrote:
>>> it is easy enough to create a rule to detect this.
>> 
>> 
>> send "easy" rule to the list ?
>
>
> alert udp $EXTERNAL_NET any -> $HOME_NET 135:1030 (msg:"Policy Messenger 
> Traffic - Fix your network"; content:"|04 00|"; depth:2; sid:1000000; rev:1; 
> )
>
> A bill is also on the way. ;)
>
>> Regards
>> Rmkml
>> 
>




More information about the Snort-sigs mailing list