Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Hotmail

From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Wed, 19 Jun 2002 13:14:35 -0500

That won't catch people who have messenger running... Possibly just set up
the alert on the range of IPs that they use for their login machines? (msn
still touches these)

-----Original Message-----
From: John Maestrale [mailto:jmaestrale () NBME org] 
Sent: Wednesday, June 19, 2002 1:02 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] Hotmail


Does this look correct. I am trying to alert on Hotmail login attempts.

alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"MSN Hotmail"; flags: A+;
uricontent: "/ppsecure/login"; nocase; classtype:misc-activity; rev:1;)

Thanks

John Maestrale,SSCP



----------------------------------------------------------------------------
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

----------------------------------------------------------------------------
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: