Snort mailing list archives
Re: Snort and IM
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 18 Feb 2013 16:27:22 -0500
On 2/18/2013 15:32, Josh Bitto wrote:
OH wait….hahaha…..brain fart….I see what your saying put /ajax/mercury/send_messages.php alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT Facebook Chat (send message)"; flow:established,to_server; content:"POST"; http_method; content:"/ajax/mercury/send_messages.php"; http_uri; content:"facebook.com <http://facebook.com>"; http_header; reference:url,doc.emergingthreats.net/2010784; classtype:policy-violation; sid:2010784; rev:3;)
ok, i gotta ask... what does this have to do with detecting Teamspeak 3 traffic as your original post asked about?? ------------------------------------------------------------------------------ The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort and IM, (continued)
- Re: Snort and IM Josh Bitto (Feb 18)
- Re: Snort and IM Josh Bitto (Feb 18)
- Re: Snort and IM Dustin Webber (Feb 18)
- Re: Snort and IM Josh Bitto (Feb 18)
- Re: Snort and IM Dustin Webber (Feb 18)
- Re: Snort and IM Josh Bitto (Feb 18)
- Re: Snort and IM Joel Esler (Feb 18)
- Re: Snort and IM JJ Cummings (Feb 18)
- Re: Snort and IM waldo kitty (Feb 18)
- Re: Snort and IM James Lay (Feb 18)
- Re: Snort and IM waldo kitty (Feb 18)
- Re: Snort and IM Josh Bitto (Feb 18)