Snort mailing list archives

Re: Snort and IM

From: Josh Bitto <jbitto () onlineschool ca>
Date: Mon, 18 Feb 2013 13:46:32 -0800

It had to do with Mr. Webber's reply.



-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Monday, February 18, 2013 1:27 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort and IM

On 2/18/2013 15:32, Josh Bitto wrote:

OH wait….hahaha…..brain fart….I see what your saying put 
/ajax/mercury/send_messages.php

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CHAT 
Facebook Chat (send message)"; flow:established,to_server; 
content:"POST"; http_method; 
content:"/ajax/mercury/send_messages.php"; http_uri; 
content:"facebook.com <http://facebook.com>"; http_header; 
reference:url,doc.emergingthreats.net/2010784; 
classtype:policy-violation; sid:2010784; rev:3;)


ok, i gotta ask... what does this have to do with detecting Teamspeak 3 traffic as your original post asked about??


------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, 
is your hub for all things parallel software development, from weekly thought 
leadership blogs to news, videos, case studies, tutorials, tech docs, 
whitepapers, evaluation guides, and opinion stories. Check out the most 
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, 
is your hub for all things parallel software development, from weekly thought 
leadership blogs to news, videos, case studies, tutorials, tech docs, 
whitepapers, evaluation guides, and opinion stories. Check out the most 
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Snort and IM, (continued)
- - - Re: Snort and IM Josh Bitto (Feb 18)
    - Re: Snort and IM Dustin Webber (Feb 18)
    - Re: Snort and IM Josh Bitto (Feb 18)
    - Re: Snort and IM Dustin Webber (Feb 18)
    - Re: Snort and IM Josh Bitto (Feb 18)
    - Re: Snort and IM Joel Esler (Feb 18)
    - Re: Snort and IM JJ Cummings (Feb 18)
    - Re: Snort and IM waldo kitty (Feb 18)
    - Re: Snort and IM James Lay (Feb 18)
    - Re: Snort and IM waldo kitty (Feb 18)
    - Re: Snort and IM Josh Bitto (Feb 18)