Snort mailing list archives

ICQ Logging


From: Jim Forster <jforster () rapidnet com>
Date: Wed, 24 Oct 2001 15:21:23 -0600


Oops - I didn't get the list CC'd on that response - sorry.  Here's the 
rule I use to log ICQ traffic.

alert tcp any any <> any 5190 (msg:"ICQ"; flags:A+; content:"|2A 02|"; depth: 2; dsize:> 140;)

-----------------------------------------------------
Jim Forster
Network Administrator
RapidNet, A Golden West Company
-----------------------------------------------------
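
Added example (not part of the original post): a Python sketch that applies each option of the rule above to constructed TCP segments, to show which traffic it logs and which it skips. The FLAP header layout and channel numbers come from the OSCAR protocol used by ICQ, not from the post; all function names and sample segments are constructed for illustration.

```python
import struct

ICQ_PORT = 5190    # port named in the rule
TCP_ACK = 0x10     # ACK bit in the TCP flags byte
MIN_DSIZE = 140    # rule requires a payload larger than this

def parse_flap(payload):
    """Return (channel, sequence, data_length) from a 6-byte FLAP header, or None."""
    if len(payload) < 6 or payload[0] != 0x2A:   # 0x2A is the FLAP start byte
        return None
    return struct.unpack(">BHH", payload[1:6])

def matches_icq_rule(src_port, dst_port, tcp_flags, payload):
    """True when one TCP segment satisfies every option of the rule."""
    if ICQ_PORT not in (src_port, dst_port):     # "<>": port 5190 on either side
        return False
    if not tcp_flags & TCP_ACK:                  # flags:A+ (ACK plus any others)
        return False
    if len(payload) <= MIN_DSIZE:                # dsize:> 140
        return False
    return payload[:2] == b"\x2a\x02"            # content "|2A 02|" with depth 2

def build_flap(channel, seq, data):
    """Build a constructed FLAP frame for the samples below."""
    return struct.pack(">BBHH", 0x2A, channel, seq, len(data)) + data

# Constructed segments: (src_port, dst_port, tcp_flags, payload)
SAMPLES = {
    "client_message": (40000, 5190, 0x18, build_flap(2, 7, b"A" * 200)),
    "server_reply":   (5190, 40000, 0x18, build_flap(2, 8, b"B" * 150)),
    "keepalive":      (40000, 5190, 0x18, build_flap(5, 9, b"")),
    "short_snac":     (40000, 5190, 0x18, build_flap(2, 10, b"C" * 50)),
    "other_port":     (40000, 80, 0x18, build_flap(2, 11, b"D" * 200)),
    "syn_only":       (40000, 5190, 0x02, b""),
}

def evaluate_samples():
    """Map each sample name to whether the rule would fire on it."""
    return {name: matches_icq_rule(*seg) for name, seg in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:15} hit={hit!s:5} flap={parse_flap(SAMPLES[name][3])}")
```

The content check starts at offset 0 of each segment's payload, so a FLAP frame that begins partway through a segment does not match.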

