Rule Category

POLICY-SOCIAL -- Snort has detected a violation of the corporate policy. Similar to an IOC, this activity may not be directly malicious, but could be a symptom of compromise, or of a misuse of the network. Examples are cryptocurrency mining and strade (Bitcoin, et al). The ISP won’t block these, but corporate policies likely prohibit them. In this case, Snort has detected a violation of social media policy. Some companies choose to disallow some or all social media, or to only allow in-network social sharing. This can prevent simple productivity loss or serious NDA breaches (sharing of files from the internal network, etc.).

Alert Message

POLICY-SOCIAL IRC DCC file transfer request

Rule Explanation

This event is generated when activity relating to network chat clients is detected. Impact: Policy Violation. Use of chat clients to communicate with Unknown external sources may be against the policy of many organizations. Details: Instant Messaging (IM) and other chat related client software can allow users to transfer files directly between hosts. This can allow malicious users to circumvent the protection offered by a network firewall. Vulnerabilities in these clients may also allow remote attackers to gain unauthorized access to a host. Ease of Attack: Simple.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Brian Caswell Nigel Houghton

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None