Snort mailing list archives
RE: ICQ Rule
From: "Derrick Lichti" <dlichti () mitra com>
Date: Tue, 29 Oct 2002 15:49:27 -0500
Preferrably evertime somebody uses ICQ. I've been pointed towards monitoring port 5190 which is a good start, unfortunately users can get around it! Thanks, Derrick -----Original Message----- From: Jarret Gibson [mailto:jarret () osa comax com] Sent: Tuesday, October 29, 2002 3:38 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] ICQ Rule Are you wanting a snort alert rule for any time someone uses ICQ? Or are you wanting a filter rule for something like Ethereal to capture packets? Jarret ----- Original Message ----- From: Derrick Lichti <mailto:dlichti () mitra com> To: snort-users () lists sourceforge net Sent: Tuesday, October 29, 2002 1:59 PM Subject: [Snort-users] ICQ Rule Hi All; I'm looking for a rule that would grab any packets from a client using ICQ. Does anybody know of any unique information that lies in ICQ message packets? Unfortunately, I don't have a method of testing this myself or else I would have grab packets and looked... Thanks! Derrick
Current thread:
- ICQ Rule Derrick Lichti (Oct 29)
- Re: ICQ Rule Jarret Gibson (Oct 29)
- <Possible follow-ups>
- RE: ICQ Rule Derrick Lichti (Oct 29)
- Re: ICQ Rule Jarret Gibson (Oct 29)