[Snort-users] ICQ Rule

Derrick Lichti dlichti at ...7267...
Tue Oct 29 12:50:03 EST 2002

Preferably every time somebody uses ICQ. I've been pointed towards monitoring port 5190, which is a good start; unfortunately, users can get around it!
-----Original Message-----
From: Jarret Gibson [mailto:jarret at ...7313...]
Sent: Tuesday, October 29, 2002 3:38 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] ICQ Rule
Are you wanting a snort alert rule for any time someone uses ICQ?
Or are you wanting a filter rule for something like Ethereal to capture packets?
----- Original Message ----- 

From: Derrick Lichti <mailto:dlichti at ...7267...>  
To: snort-users at lists.sourceforge.net 
Sent: Tuesday, October 29, 2002 1:59 PM
Subject: [Snort-users] ICQ Rule
Hi All;
I'm looking for a rule that would grab any packets from a client using ICQ. Does anybody know of any unique information that lies in ICQ message packets? Unfortunately, I don't have a method of testing this myself or else I would have grabbed packets and looked...