[Snort-users] Signature for either gotomypc.com -or- Yahoo Messenger

spyguy spyguy703 at ...741...
Thu Sep 12 21:28:05 EDT 2002


GoToMyPC clients poll a server (poll.gotomypc.com) via http (80/tcp) in order 
to get a connection started.

Therefore,

alert tcp $HOME_NET any -> 63.251.224.177/32 80 (msg: "GoToMyPC Client 
Connection";)

Note: This is a very simple rule and will alert EACH time the server is 
polled. Since I never bothered to install the software, I am not sure what 
the traffic looks like when an ACTUAL session is running. Instead, this 
detects the client running. The client polls via http to keep a connection 
up.





On Thursday 12 September 2002 09:41 am, Joe Lawson wrote:
> All:
>
> Has anyone employed a good signature alert for either of the two referenced
> services?  If so, can you share??
>
> TIA,
>
> Joe Lawson





More information about the Snort-users mailing list