Snort mailing list archives
Re: evaluating snort, can snort do this? commercial support?
From: Dimitri Syuoul <dsyuoul () gmail com>
Date: Tue, 19 Jan 2010 17:30:38 -0600
Thank you, I have inquiried about SSLbump in the proxy mailing lists but apparently this a feature that is not done transaprently to the user.. one needs to configure the browser to proxy https for that. Which i dont want. Also, nobody has answered if snort can be used to block skype? Any option or feed is welcomed!! Dimitri On Tue, Jan 12, 2010 at 11:04 PM, Will Metcalf <william.metcalf () gmail com> wrote:
a.) http://wiki.squid-cache.org/Features/SslBump http://wiki.squid-cache.org/Features/DynamicSslCert Regards, Will On Tue, Jan 12, 2010 at 7:30 PM, Dimitri Syuoul <dsyuoul () gmail com> wrote:Hello all, Ive new to snort, and it seems like a great packet sniffer and a great IDS. However my need is very specific and I would like to know to what extend can Snort help me here. a.) I have a LAN of users NATted on a linux box where I want to install Snort. I want to be able to restrict the use of the https protocol with snort (yes i have my reasons for doing it like this, squid cannot transaprently proxy https). based on that fact that the actually request to the destination domain goes unencrypted. Id like to know if I can block viewing of https enabled sites (port 443) specifically so only a very small of domain names are allowed to be called. Ive seen complex commercial packet filters do this, iam sure there must be a way? b.) Now a days restrictoins based on ports dont quite work when it comes to Skype. I need to be able to block/allow skype traffic out (for specific IPs but i think this would be a netfilter/iptables thing) c.) Is commercial spport available for custom signatures? Regards, Dimitri ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- evaluating snort, can snort do this? commercial support? Dimitri Syuoul (Jan 12)
- Re: evaluating snort, can snort do this? commercial support? Will Metcalf (Jan 12)
- Re: evaluating snort, can snort do this? commercial support? Dimitri Syuoul (Jan 19)
- Re: evaluating snort, can snort do this? commercial support? Jason Haar (Jan 21)
- Re: evaluating snort, can snort do this? commercial support? Dimitri Syuoul (Jan 19)
- Re: evaluating snort, can snort do this? commercial support? Will Metcalf (Jan 12)