Snort mailing list archives
scanning for emoticons in MSN messenger?
From: Eric Zheng <zhengeric () hotmail com>
Date: Mon, 3 May 2010 02:07:06 -0500
I want to see if it's possible to make a rule to look for any custom emoticon being sent over MSN messenger. I believe
this is possible since a custom emoticon image has to be sent over the network, but I'm not sure how to look for it
(file type matching? but I don't know what format custom emoticons are in). I'm new to snort rules but I have been
familiarizing myself with their syntax and usage.
I believe it would be along the lines of:
alert tcp $EXTERNAL_NET 1863 -> $HOME_NET any (msg:"Emoticon detected"; <emoticon signature>;)
Where <emoticon signature> are the requisites to trigger the alert. Port 1863 is used for MSN messenger.
Any help would be appreciated, thanks!
_________________________________________________________________
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- scanning for emoticons in MSN messenger? Eric Zheng (May 03)
- Re: scanning for emoticons in MSN messenger? Joel Esler (May 03)
- Re: scanning for emoticons in MSN messenger? Eric Zheng (May 03)
- Re: scanning for emoticons in MSN messenger? Joel Esler (May 04)
- Re: scanning for emoticons in MSN messenger? Eric Zheng (May 03)
- Re: scanning for emoticons in MSN messenger? Joel Esler (May 03)