https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364965#M97169 <HTML><HEAD></HEAD><BODY><P>some signatures should already be there. see details here</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl" target="_blank">http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl</A></P><P></P><P>Yahoo Messenger Activity </P><P>Siganture Id/Sub Id 11200/0 </P><P>Signature Description This signature fires when a Yahoo Messenger client login attempt to the default TCP port 5050 is detected. </P><P>IDS Version S46 </P><P>Alarm Level 0 </P><P>Benign Triggers Normal Yahoo Messenger activity will cause this signature to fire. </P><P>Signature Type NETWORK </P><P>Signature Structure ATOMIC </P><P>Implementation CONTENT </P><P> </P><P>Related Vulnerabilities </P><P>3843 Instant Messaging </P><P> </P><P> </P><P>Siganture Id/Sub Id 11201/0 </P><P>Signature Description This signature fires when an MSN new connection attempt to the default TCP port 1863 is detected. </P><P>IDS Version S46 </P><P>Alarm Level 0 </P><P>Benign Triggers Normal use of MSN instant messaging clients will cause this signature to fire. </P><P>Signature Type NETWORK </P><P>Signature Structure ATOMIC </P><P>Implementation CONTENT </P><P> </P><P>Related Vulnerabilities </P><P>3843 Instant Messaging </P><P> </P><P></P></BODY></HTML> Wed, 02 Feb 2005 20:39:37 GMT nkhawaja 2005-02-02T20:39:37Z https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364964#M97165 <P>I am using a 4235 and need to be able to detect when a user is using any type of IM or P2P application. I know others are able to do this but they are using a different brand IDS. Any help or ideas whould be very helpful. My infrastructure is all Extreme so NBAR is not an option.</P> Sun, 10 Mar 2019 09:15:47 GMT https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364964#M97165 napoleoncrowe 2019-03-10T09:15:47Z https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364965#M97169 <HTML><HEAD></HEAD><BODY><P>some signatures should already be there. see details here</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl" target="_blank">http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl</A></P><P></P><P>Yahoo Messenger Activity </P><P>Siganture Id/Sub Id 11200/0 </P><P>Signature Description This signature fires when a Yahoo Messenger client login attempt to the default TCP port 5050 is detected. </P><P>IDS Version S46 </P><P>Alarm Level 0 </P><P>Benign Triggers Normal Yahoo Messenger activity will cause this signature to fire. </P><P>Signature Type NETWORK </P><P>Signature Structure ATOMIC </P><P>Implementation CONTENT </P><P> </P><P>Related Vulnerabilities </P><P>3843 Instant Messaging </P><P> </P><P> </P><P>Siganture Id/Sub Id 11201/0 </P><P>Signature Description This signature fires when an MSN new connection attempt to the default TCP port 1863 is detected. </P><P>IDS Version S46 </P><P>Alarm Level 0 </P><P>Benign Triggers Normal use of MSN instant messaging clients will cause this signature to fire. </P><P>Signature Type NETWORK </P><P>Signature Structure ATOMIC </P><P>Implementation CONTENT </P><P> </P><P>Related Vulnerabilities </P><P>3843 Instant Messaging </P><P> </P><P></P></BODY></HTML> Wed, 02 Feb 2005 20:39:37 GMT https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364965#M97169 nkhawaja 2005-02-02T20:39:37Z https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364966#M97175 <HTML><HEAD></HEAD><BODY><P>We have added a considerable number of signatures in the last few releases. For example, signatures 11019-11020, 11028-11031, 11200-11232 have been added in release S140. These signatures add greatly to our current coverage of IM and P2p products as well as providing more granular activity monitoring. However, They have been disabled by default. To use them, you have to enable them. We are in the process of releasing a few more soon.</P></BODY></HTML> Wed, 02 Feb 2005 21:27:32 GMT https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364966#M97175 rupadras 2005-02-02T21:27:32Z https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364967#M97176 <HTML><HEAD></HEAD><BODY><P>I just updated the box to 140 so I'll go ahead and enable those. Thanks a ton! </P></BODY></HTML> Thu, 03 Feb 2005 14:48:54 GMT https://community.cisco.com/t5/network-security/instant-messaging-detection/m-p/364967#M97176 napoleoncrowe 2005-02-03T14:48:54Z