[Snort-sigs] snort not detect messenger spam ? (snort240b18+snortrules24)

Nigel Houghton nigel at ...435...
Tue Aug 16 09:01:30 EDT 2005


On  0, rmkml <rmkml at ...324...> allegedly wrote:
> ok,
> but messenger traffic is WORM,
> you don't receive this traffic on internet cnx ?

I think you have a starting point to work with here, now you need to
start tuning the rule for yourself. Feel free to come back to the list
with questions you might have.
 
> >alert udp $EXTERNAL_NET any -> $HOME_NET 135:1030 (msg:"Policy Messenger Traffic - Fix your network"; content:"|04 00|"; depth:2; sid:1000000; rev:1; )

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

 I require a window seat and an inflight Happy Meal, and no pickles! 
 God help you if I find pickles!