[Snort-users] Kill current session with Snort/Snortsam
Vincent.Corriveau at ...6922...
Wed Sep 18 06:18:03 EDT 2002
I want to deny MSN Messenger access to my internal
users. How I must do for stopping access to MSN Messenger to the
user without blocking anything else (for exemple: HTTP, NNTP, Telnet)
for the same user.
I don't want to block external MSN servers for all users
because I think they are used by hotmail.com.
I try the following rule but all (HTTP, NNTP...) is denied.
type alert output
output alert_fwsam: x.x.x.x/y
output alert_full: /var/log/snort/alert_fwsam.txt
bloquer tcp $HOME_NET any -> $EXTERNAL_NET 80 \
msg:"MSN Poll - HTTP"; \
uricontent:"/gateway/gateway.dll?Action=poll"; offset:0; depth:90; \
fwsam: this, 60 seconds; \
I use Snort 1.8.7 and Snortsam 1.13 plugin
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users