Snort mailing list archives
Kill current session with Snort/Snortsam
From: "Vincent Corriveau" <Vincent.Corriveau () criq qc ca>
Date: Sun, 15 Sep 2002 22:20:33 -0400
I want to deny MSN Messenger access to my internal users. How I must do for stopping access to MSN Messenger to the user without blocking anything else (for exemple: HTTP, NNTP, Telnet) for the same user. I don't want to block external MSN servers for all users because I think they are used by hotmail.com. I try the following rule but all (HTTP, NNTP...) is denied. ruletype bloquer { type alert output output alert_fwsam: x.x.x.x/y output alert_full: /var/log/snort/alert_fwsam.txt } bloquer tcp $HOME_NET any -> $EXTERNAL_NET 80 \ ( \ msg:"MSN Poll - HTTP"; \ uricontent:"/gateway/gateway.dll?Action=poll"; offset:0; depth:90; \ flags:PA; \ fwsam: this, 60 seconds; \ ) I use Snort 1.8.7 and Snortsam 1.13 plugin Thanks ! Vincent C ------------------------------------------------------- Sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Kill current session with Snort/Snortsam Vincent Corriveau (Sep 16)
- RE: Kill current session with Snort/Snortsam Raj Wurttemberg (Sep 17)
- <Possible follow-ups>
- Kill current session with Snort/Snortsam Vincent Corriveau (Sep 18)