[Snort-users] MSN Chat Rule Help

Derrick Lichti dlichti at ...7267...
Mon Dec 2 13:25:14 EST 2002


Try this:

alert tcp any 1863 <> $HOME_NET any (msg:"MSN IM Chat Data Logged"; flags:PA; content:"|746578742F706C61696E|"; depth:100;)

(from Silicon Defense I believe)

-----Original Message-----
From: Ricardo Londoño [mailto:ricardo at ...7540...]
Sent: Monday, December 02, 2002 4:05 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] MSN Chat Rule Help

My MSN Chat rule does not seem to be working.  I have also tried different
variations I found on the web with no luck.

Does anyone have a good working MSN Chat rule?

My Current Rule:
alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"CHAT MSN chat access";
flow:to_server,established; content:"text/plain"; depth:100;
classtype:misc-activity; sid:540;  rev:6;)


thanks

Ricardo




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list