Snort Detects my PC MSN Messenger with following message after upgrading to 7.480. MSN cannot connect. Workaround is to disable in IDS Attack Patterns.
id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="CHAT MSN messenger http link transmission attempt" group="606" srcip="65.54.172.216" dstip="192.168.2.10" proto="6" srcport="1863" dstport="1953" sid="15184" class="A Network Trojan was detected" priority="1" generator="1" msgid="0"
This is the email message I am receiving.
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: CHAT MSN messenger http link transmission attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=15184
Time...........: 2009:08:12-21:02:11
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: A Network Trojan was detected
IP protocol....: 6 (TCP)
Source IP address: 207.46.110.51 (by2msg1204119.gateway.edge.messenger.live.com)
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
Source port: 1863 (msnp)
Destination IP address: 192.168.2.10
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
Destination port: 1354 (rightbrain)
Guest User!
You are not Sophos Staff.
