Snort mailing list archives
Re: Detecting Skype traffic (reliably)
From: "Humes, David G." <David.Humes () jhuapl edu>
Date: Wed, 25 Oct 2006 11:57:45 -0400
TippingPoint can detect Skype program downloads, Skype update requests, and first time logins after fresh Skype installs. AFAIK, they do not have a way to detect arbitrary Skype traffic.
-----Original Message----- From: snort-users-bounces () lists sourceforge net [mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Paul Halliday Sent: Tuesday, October 24, 2006 8:36 PM To: Andrew Hay Cc: Snort-users () lists sourceforge net Subject: Re: [Snort-users] Detecting Skype traffic (reliably) AFAIK there is _always_ the initial agent -> server communication before any calls. This is trivial to detect. On 10/24/06, Andrew Hay <andrewsmhay () gmail com> wrote:Has anyone, in practice...not in theory, been able to create and validate a snort signature that is able to classify Skype traffic? I've been researching for days and am having a hard time.I know thatTippingPoint has a way of classifying (and blocking) Skypetraffic butfrom what I hear they don't appear to be sharing the'secret sauce'.Any input would be greatly appreciated. -- Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA] blog: https://www.andrewhay.ca email: andrewsmhay || at || gmail.com------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support webservices, security?Get stuff done quickly with pre-integrated technology tomake your job easierDownload IBM WebSphere Application Server v.1.0.1 based onApache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
dat=121642
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Detecting Skype traffic (reliably) Andrew Hay (Oct 24)
- Re: Detecting Skype traffic (reliably) Paul Halliday (Oct 24)
- Re: Detecting Skype traffic (reliably) Jason Haar (Oct 25)
- Re: Detecting Skype traffic (reliably) Nigel Houghton (Oct 25)
- <Possible follow-ups>
- Re: Detecting Skype traffic (reliably) Michael Scheidell (Oct 24)
- Re: Detecting Skype traffic (reliably) Humes, David G. (Oct 25)
- Re: Detecting Skype traffic (reliably) baginski (Oct 25)
- Re: Detecting Skype traffic (reliably) Nicolas Saurbier (Oct 26)