File: 2459.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (52 lines) | stat: -rw-r--r-- 1,321 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
Rule:

--
Sid:
2459

--
Summary:
This event is generated when a host in your network that has Yahoo Instant Messenger running starts a webcam or sends an invitation to view a webcam to another Yahoo IM user. 

--
Impact:
Possible policy violation.  Instant Messenger programs may not be appropriate in certain network environments.

--
Detailed Information:
This event indicates that a Yahoo IM user in your network is sending a notification that he or she is starting a webcam or offering an invitation to view the webcam.  While there are no known exploits associated with showing or viewing webcams, it is possible that this activity is inappropriate in certain environments.

--
Affected Systems:
Any host running Yahoo Instant Messenger.

--
Attack Scenarios:
No know attack scenarios.

--
Ease of Attack:
No know attack scenarios.

--
False Positives:
None Known.

--
False Negatives:
It may be possible for Yahoo IM traffic to use other ports than the default expected ones.  

--
Corrective Action:
Disallow the use of IM clients on the protected network and enforce or implement an organization wide policy on the use of IM clients.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>
--
Additional References:
Yahoo Protocol
http://www.cse.iitb.ac.in/~varunk/YahooProtocol.htm

--