[Snort-users] ICQ 2000 Siganture and firewall config
dr at ...50...
Thu Oct 19 01:16:08 EDT 2000
On Wed, 18 Oct 2000, Erick Arturo Perez Huemer wrote:
> As of version 2000a and 2000b of ICQ. The program now has a section called
> "Connection" under Preferences that allows you to select "autoconfigure
> I noticed this because one of my users was running ICQ on his computer and I
> was surprised since I blocked all and allowed only certain traffic.My
> surprise came when I noticed that ICQ is using port tcp 21 (automatically
> configured) to perform connections. Obviously port 21 is open in my ipchains
> rule because I need users to ftp outside sometimes...
> Anyone knows a signature for ICQ so at least my IDS (Snort) can tell me whos
> using it?
The ICQ protocol description site at:
...May be of assistance to you on your quest. ;)
But I'm sure others might be interested too, (myself included)
so if you do come up with something here, please post back
with your rules...
Dragos Ruiu <dr at ...50...> dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net
More information about the Snort-users