[Snort-users] OT: Recording IM sessions

Chris Lyon cslyon at ...11827...
Wed Jun 22 13:06:23 EDT 2005


Most of the commercial solutions are all inline and since we have
snort in place. It makes sense to use it. I think the FLoP option will
work, thanks Alex. I will need to start working on it.


On 6/22/05, Rich Moffitt <lists at ...13372...> wrote:
> There are a lot of commercial solutions that now focus on tracking IM
> conversations with configurable logging / reporting statistics.
> 
> For free projects, I know of Aimsniff as one such tool that captures IM
> traffic.
> 
> -Rich
> 
> Schott, Erik J Mr ANOSC/FCBS wrote:
> 
> >Good day, gentlemen.  We have strayed from the topic of the original post.
> >The OP merely wanted to know "[...] if there is a program that is out there
> >that will put together IM sessions for me. Any ideas or feedback?"  Any
> >legal ramifications the OP may suffer for monitoring that traffic are
> >between him and his organization's legal department and belong in another
> >forum.  Thank you.
> >
> >-----Original Message-----
> >From: Paul Melson [mailto:pmelson at ...11827...]
> >Sent: Wednesday, June 22, 2005 10:26 AM
> >To: 'Bristol, Gary L.'; 'Chris Lyon'; 'Joel Esler'
> >Cc: snort-users at lists.sourceforge.net
> >Subject: RE: [Snort-users] OT: Recording IM sessions
> >
> >
> >That's certainly part of it - many companies have regulatory and/or policy
> >obligations to prevent or at least monitor IM traffic.  And there's no
> >expectation of privacy with your employers' computers blah blah blah...
> >
> >The other part of it is that most IM technologies (AIM, IRC, ICQ, etc.) are
> >gaining popularity as attack vectors and backdoor channels.  Most have means
> >of transferring files or running some form of script that can perform some
> >variation of a shell().  And many of these systems are designed to
> >circumvent firewall rules that would otherwise restrict access to them.
> >(And I don't just mean searching for unblocked ports, though some clients
> >definitely will - Yahoo in particular can work through an HTTP proxy using
> >GET and POLL requests, so blocking CONNECT isn't good enough anymore.)
> >
> >PaulM
> >
> >________________________________
> >
> >Subject: RE: [Snort-users] OT: Recording IM sessions
> >
> >
> >I don't mean to pry on this conversation, which means I will, but unless
> >it's giving up Company secrets, or discussing a commision of a criminal act
> >is there really anything you can legally do about it.
> >
> >Not unless your company policy covers what people can and can not have
> >conversations about.
> >
> >Or am I not getting what this conversation is about?
> >
> >
> >
> >
> >-------------------------------------------------------
> >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> >from IBM. Find simple to follow Roadmaps, straightforward articles,
> >informative Webcasts and more! Get everything you need to get up to
> >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >-------------------------------------------------------
> >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> >from IBM. Find simple to follow Roadmaps, straightforward articles,
> >informative Webcasts and more! Get everything you need to get up to
> >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
>




More information about the Snort-users mailing list