IDS mailing list archives
Re: Jabber and Proventia G
From: Sam Evans <wintrmte () gmail com>
Date: Wed, 6 Apr 2005 08:19:17 -0600
I think the best you can do is create a Trons (Snort because ISS tried to be sneaky) rule to do this. You would have to sniff the first few packets of the file transfer and then create your signature appropriately. For documentation on how to create a Snort signature, you might refer to the documentation on www.snort.org. Otherwise, as far as I know, ISS keeps their voodoo magic to themselves and does not allow you to create any sort of custom protocol analysis. HTH, Sam On Apr 5, 2005 7:17 AM, Is it possible? <is-it-possible () no-log org> wrote:
Hey there, I need to know how I can block jabber users from sending attachements. We are using a jabber server just like http://status.jabber.org and the clients are win32 using the jabber app we can download there www.neosmt.com I've been looking and I do not know how to write a policy for Proventia G. The general idea is to block known potential threads like .exe, .zip or whatever like that. If it is a .doc, .xls or PGP encrypted files, I need it to get to my mailbox. Also, I can send a JPG file which is in fact a renamed PDF. The users are using Jabber in clear-text but in the future we may enforce the use of SSL. How do I do it? Thank you very much, Allan Setright -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
Current thread:
- Jabber and Proventia G Is it possible? (Apr 06)
- Re: Jabber and Proventia G Sam Evans (Apr 06)