Snort mailing list archives
Commercial Advanced Packet Sniffers, how do they do this? Application signatures?
From: Dimitri Syuoul <dsyuoul () gmail com>
Date: Fri, 22 Jan 2010 14:22:01 -0600
Hello guys,

I was wondering if anybody could give me feedback on these two commercial appliances:

http://www.paloaltonetworks.com/solutions/app-control.html
http://www.bluecoat.com/products/sg

It seems these have two key things: a.) proxy for 443/80 with SSL termination, and b.) an advanced packet sniffer for all the other ports.

I am interested in B. With over 900 application "signatures" including BitTorrent, Skype, MSN (which nowadays uses multiple ports also)... it even lets you block if you want to allow Instant Messaging but not allow WebCams inside instant messaging...

I have been breaking my head for days now and I'd like to hear from the people at snort... how exactly would an appliance be able to "signature" all these and manipulate them? As far as I know the community has never seen application signatures... right?

Please do not reply to this message and say a standard port-based blocking does this, because we know it doesn't ;-) especially Skype, which can connect pretty much on any open port available on the client machine.

Thanks.
--Dimitri