[Snort-users] machine hangs

Always Bishan bishan4u at ...1396...
Wed Sep 3 04:01:18 EDT 2003


Hi Snorters,

I just made a rule to detect Yahoo traffic. The rule
works fine, but when I try to check the results using
ACID, my machine reboots. This has happened
consistently six times now.

Here is the rule:
-----------------
alert tcp $HOME_NET any <> $EXTERNAL_NET 5050
(msg:"CHAT Yahoo message"; flow:established;
content:"YMSG"; classtype:policy-violation; sid:540;
rev:8;)

Any clues? Any suggestions? Is this rule right? Any
flaws?

Regards,
Bishan

