Full Disclosure mailing list archives
Re: Blocking Music Sharing.
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 18 Sep 2003 12:39:34 +0530
IDS / SNORT p2p bullshit <--- stupid whitehats
http://exploitlabs.com/files/misc/badhat.txt

morning_wood

A few folks don't know that Snort can be a little more proactive than just detection. Check out: http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24

As for my comment, I agree with Jared's comment. Be sure that your users have agreed to an acceptable use policy for your University/Company and by that the accountability falls to them. Also, I just say "be careful" because it can be a slippery slope when companies start taking on accountability for their employees' behavior, on the Internet or otherwise.

: I think the key here is a strong enforceable communicated policy and then identifying the traffic and addressing the user. I would go with an IDS (Snort is a good choice to IDENTIFY as you can easily write the sigs). Now granted Snort could pick it up on different ports depending on what it was looking for, however you need to think about tunneled connections via ssh and ssl. A good client inventory app seems to be the best way to catch these... Ahhh big brother and his tools.
:
: Regards,
: ---------------------
: Jared Bergeron
: Systems Analyst / E-Security
: XEROX Office Printing Business

I have always felt that solving personnel problems with firewalls is a really poor use of time and hardware. Admin will end up chasing this all the time as the P2P technology changes. Far better to run an IDS and log the offenders, then let HR take care of this.