Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network IPS, Proventia Network MFS, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Virtual Server Protection for VMware, Proventia Server IPS for Linux technology, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Unix):
This signature looks for a successful login by a Microsoft Messenger user. A successful login is identified by a "USR" command whose first argument is "OK".
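The check this signature describes, sketched as an added Python example (not IBM's signature code). It assumes the usual MSNP line layout, in which a numeric transaction ID sits between the command name and its first argument; the function name and the sample stream are constructed for illustration.

```python
from urllib.parse import unquote


def find_successful_logins(stream: bytes):
    """Return one record per 'USR <trid> OK ...' line in a reassembled
    server-to-client MSN Messenger stream (CRLF-terminated commands)."""
    hits = []
    for raw in stream.split(b"\r\n"):
        fields = raw.decode("ascii", errors="replace").split(" ")
        # Need at least: command name, transaction ID, first argument.
        if len(fields) < 3 or fields[0] != "USR":
            continue
        trid, args = fields[1], fields[2:]
        if not trid.isdigit():
            continue  # assumed layout: the transaction ID is numeric
        if args[0] != "OK":
            continue  # any other first argument means the handshake is still in progress
        # When present, the next argument is the account name (URL-encoded).
        account = unquote(args[1]) if len(args) > 1 else None
        hits.append({"trid": int(trid), "account": account})
    return hits


# Constructed sample traffic, not a real capture.
SAMPLE = (
    b"VER 1 MSNP8 CVR0\r\n"
    b"USR 3 TWN S ct=1,rver=1\r\n"                           # challenge, not a login
    b"USR 4 OK alice@example.com Alice%20Example 1 0\r\n"    # successful login
    b"911 5\r\n"                                             # numeric error reply
    b"USR x OK bogus@example.com\r\n"                        # malformed transaction ID
)

if __name__ == "__main__":
    for hit in find_successful_logins(SAMPLE):
        print(hit)
```

Run it only on the server-to-client half of a session: text typed into a chat message could otherwise contain the same string and produce a false positive.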
Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: A Series, Proventia Network IPS: 2.0, Proventia Network MFS: 1.0, RealSecure Server Sensor: 7.0, IBM Security Host Protection for Servers (Windows): 220.127.116.110, IBM Security Host Protection for Servers (Windows): 1.0.914.0, Virtual Server Protection for VMware: 1.0, Proventia Server IPS for Linux technology: 1.0, IBM Security Host Protection for Desktops: 8.0.614.1, IBM Security Host Protection for Servers (Unix): 2.2.2
Microsoft Windows, Microsoft MSN Messenger
MSN (Microsoft Network) Messenger is a popular Internet chat program used to send messages, share and transfer files, talk over the Internet, check stock prices and headlines, and play games. Historically, "instant messaging" systems such as MSN Messenger have provided a means for attackers to introduce malicious software (such as Trojan horse, backdoor, and virus software) onto networks.
Your institution's security policy may permit the use of instant messaging systems on your network. As a part of your institution's security policy, consider restricting use of instant messaging systems as needed. If restriction of instant messaging is not possible, file transfers over instant messaging services should be monitored for potentially malicious software.
Microsoft Corporation Web site
MSN Messenger "instant messaging" service login