Snort mailing list archives
ICQ Logging
From: Jim Forster <jforster () rapidnet com>
Date: Wed, 24 Oct 2001 15:21:23 -0600
Oops - I didn't get the list CC'd on that response - sorry.

Here's the rule I use to log ICQ traffic.

alert tcp any any <> any 5190 (msg:"ICQ"; flags:A+; content:"|2A 02|"; depth: 2; dsize:> 140;)

-----------------------------------------------------
Jim Forster
Network Administrator
RapidNet, A Golden West Company
-----------------------------------------------------
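What the rule in the message above selects, as an added Python example that is not part of the original post: it applies the rule's port, flags, dsize and content/depth conditions to constructed segments. Reading `2A 02` as the OSCAR FLAP start byte followed by channel 2 (SNAC data) is this example's assumption, as are the function names and sample payloads.

```python
import struct

ICQ_PORT = 5190       # port from the rule header
FLAP_MARKER = 0x2A    # first byte of content:"|2A 02|" (assumed: FLAP start byte)
FLAP_SNAC = 0x02      # second byte (assumed: FLAP channel 2, SNAC data)
MIN_DSIZE = 140       # dsize:> 140 means strictly more than 140 payload bytes
TH_ACK = 0x10         # TCP ACK bit

def rule_matches(sport, dport, tcp_flags, payload):
    """Evaluate the rule's conditions against one TCP segment."""
    # "any any <> any 5190" is bidirectional: either side may be port 5190
    if ICQ_PORT not in (sport, dport):
        return False
    # flags:A+ requires ACK and tolerates any additional flags
    if not tcp_flags & TH_ACK:
        return False
    if len(payload) <= MIN_DSIZE:
        return False
    # content with depth:2 is only searched in the first two payload bytes
    return payload[:2] == bytes([FLAP_MARKER, FLAP_SNAC])

def parse_flap(payload):
    """Decode the 6-byte FLAP header and, on channel 2, the SNAC family/subtype."""
    if len(payload) < 6 or payload[0] != FLAP_MARKER:
        return None
    channel, seq, length = struct.unpack(">BHH", payload[1:6])
    info = {"channel": channel, "seq": seq, "length": length}
    if channel == FLAP_SNAC and len(payload) >= 10:
        info["family"], info["subtype"] = struct.unpack(">HH", payload[6:10])
    return info

def build_flap(channel, seq, body):
    """Build a constructed FLAP frame for the samples below."""
    return struct.pack(">BBHH", FLAP_MARKER, channel, seq, len(body)) + body

# Constructed sample payloads (not captured traffic)
SNAC_HDR = struct.pack(">HHHI", 0x0004, 0x0006, 0, 1)  # family 4, subtype 6
LONG_MSG = build_flap(2, 7, SNAC_HDR + b"A" * 200)     # 216 bytes
SHORT_MSG = build_flap(2, 8, SNAC_HDR + b"hi")         # 18 bytes
KEEPALIVE = build_flap(5, 9, b"")                      # 6 bytes, channel 5

if __name__ == "__main__":
    for name, p in [("long", LONG_MSG), ("short", SHORT_MSG),
                    ("keepalive+long", KEEPALIVE + LONG_MSG)]:
        print(name, rule_matches(1025, ICQ_PORT, 0x18, p), parse_flap(p))
```

Because `depth: 2` anchors the match to the start of the TCP payload, a large frame that follows another frame in the same segment (the `keepalive+long` sample) is not logged.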