I have the following rule meant to alert on MSN IMs. How would I adjust the rule so that non-MSN traffic containing the string ‘MSG’ isn’t captured?
alert tcp $EXTERNAL_NET any -> $HOME_NET any (content:"MSG"; sid:1585658;)