[Snort-users] OT: Recording IM sessions

Jason security at ...5028...
Wed Jun 22 21:33:01 EDT 2005


use binary logging to generate a pcap ( -b ) for any messages / sessions 
( need tagging ) that you want and then use chaosreader to put them 
together into a nice web page for you.

Schott, Erik J Mr ANOSC/FCBS wrote:
> Good day, gentlemen.  We have strayed from the topic of the original post.
> The OP merely wanted to know "[...] if there is a program that is out there
> that will put together IM sessions for me. Any ideas or feedback?"  Any
> legal ramifications the OP may suffer for monitoring that traffic are
> between him and his organization's legal department and belong in another
> forum.  Thank you.
> 
> -----Original Message-----
> From: Paul Melson [mailto:pmelson at ...11827...]
> Sent: Wednesday, June 22, 2005 10:26 AM
> To: 'Bristol, Gary L.'; 'Chris Lyon'; 'Joel Esler'
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] OT: Recording IM sessions
> 
> 
> That's certainly part of it - many companies have regulatory and/or policy
> obligations to prevent or at least monitor IM traffic.  And there's no
> expectation of privacy with your employers' computers blah blah blah...
> 
> The other part of it is that most IM technologies (AIM, IRC, ICQ, etc.) are
> gaining popularity as attack vectors and backdoor channels.  Most have means
> of transferring files or running some form of script that can perform some
> variation of a shell().  And many of these systems are designed to
> circumvent firewall rules that would otherwise restrict access to them.
> (And I don't just mean searching for unblocked ports, though some clients
> definitely will - Yahoo in particular can work through an HTTP proxy using
> GET and POLL requests, so blocking CONNECT isn't good enough anymore.)
> 
> PaulM
> 
> ________________________________
> 
> Subject: RE: [Snort-users] OT: Recording IM sessions
> 
> 
> I don't mean to pry on this conversation, which means I will, but unless
> it's giving up Company secrets, or discussing a commision of a criminal act
> is there really anything you can legally do about it.
>  
> Not unless your company policy covers what people can and can not have
> conversations about.
>  
> Or am I not getting what this conversation is about?
> 
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list