Snort mailing list archives

Previous By Date Next
Previous By Thread Next

machine hangs

From: Always Bishan <bishan4u () yahoo co uk>
Date: Wed, 3 Sep 2003 12:00:50 +0100 (BST)
Hi Snorters,

I just made a rule to detect yahoo traffic, the rule
works fine but when i try tocheck the results usiong
ACID, my machine reboots. This has happened
consistently for six times now.

Here is the rule:
-----------------
alert tcp $HOME_NET any <> $EXTERNAL_NET 5050
(msg:"CHAT Yahoo message"; flow:established;
content:"YMSG"; classtype:policy-violation; sid:540;
rev:8;)

Any clues? Any suggestions? Is this rule right? Any
flaws?

Regards,
Bishan


________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: