AIM: Login Attempt
This signature detects attempts to login to AIM servers through native AOLIM mode, HTTP proxy mode, or SOCKS proxy mode. These are proxy/tunneling methods to avoid firewalls and IPS filters. Depending on your corporate policies, Instant Messaging can be a violation of your end-user's network usage policy. Setting the action of "Close Client and Server" blocks users from chatting on AOLIM over known HTTP/SOCKS proxy ports. This rule should only be applied to a WAN interface.
Short Name
CHAT:AIM:LOGIN-ATTEMPT
Severity
Info
Recommended
False
Recommended Action
None
Category
CHAT
Keywords
Attempt Login
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
Port
TCP/23,25,53,80,443,1080,3128,5190,8080,8118,8888
False Positive
Rarely