2457.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
2457

--
Summary:
This event is generated when a host in your network that has Yahoo Instant Messenger sends or receives a Yahoo Instant Messenger message. 

--
Impact:
Possible policy violation.  Instant Messenger programs may not be appropriate in certain network environments.

--
Detailed Information:
Yahoo IM provides a means of allowing an interactive message exchange between user.  While there are no known exploits associated with exchanging messages, this type of activity may not be appropriate in certain network environments.  Also, since all exchanges are done via Yahoo IM servers and in clear text, there should be no expectation of privacy.

--
Affected Systems:
Any host running Yahoo Instant Messenger.

--
Attack Scenarios:
No known attacks.

--
Ease of Attack:
No known attacks.

--
False Positives:
None Known.

--
False Negatives:
It may be possible for Yahoo IM traffic to use other ports than the default expected ones.  

--
Corrective Action:
Disallow the use of IM clients on the protected network and enforce or implement an organization wide policy on the use of IM clients.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--