Full Disclosure mailing list archives

Re: Blocking Music Sharing.


From: Sam Baskinger <sam () reefedge com>
Date: Tue, 16 Sep 2003 08:26:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

A few folks don't know that Snort can be a little more proactive than just 
detection.  Check out:

http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24

As for my comment, I agree with Jared's comment.  Be sure that your users have 
agreed to an acceptable use policy for your University/Company and by that 
the accountability falls to them.  Also, I just say "be careful" because it 
can be a slippery slope when companies start taking on accountability for 
their employees' behavior, on the Internet or otherwise.

Hope this is helpful.

Sam


On Monday 15 September 2003 16:03, james wrote:
: I think the key here is a strong enforceable communicated policy and then
: identifying the traffic and addressing the user. I would go with an IDS
: (Snort is a good choice to IDENTIFY as you can easily write the sigs). Now
: granted Snort could pick it up on different ports depending on what it was
: looking for, however you need to think about tunneled connections via ssh
: and ssl. A good client inventory app seems to be the best way to catch
: these... Ahhh big brother and his tools.

: Regards,
: ---------------------
: Jared Bergeron
: Systems Analyst / E-Security
: XEROX Office Printing Business

I have always felt that solving personnel problems with firewalls is a
really poor use of time and hardware. Admin will end up chasing this all
the time as the P2P technology changes. Far better to run an IDS and log
the offenders, then let HR take care of this.

James Edwards
Routing and Security Administrator
jamesh () cybermesa com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/ZwFyuabcSIn58XwRAi30AKC61sh1wEC0w8up1aeTSbDng0D4WwCfTwDZ
EaG8WMR+p6cbwlMU+ve8Yd4=
=UXeR
-----END PGP SIGNATURE-----
