Re: evaluating snort, can snort do this? commercial support?

[Jason Haar <Jason.Haar () trimble co nz>]

On 01/20/2010 12:30 PM, Dimitri Syuoul wrote:
> Also, nobody has answered if snort can be used to block skype?
>   

I'd say no it can't - it can barely be detected. I don't know if
blocking via the current rules (mostly about detecting startup and
software updates) would be enough to block all skype-related network
transactions.

However, an enforced proxy (ie block all outgoing on the firewall -
except traffic from the proxy) can block skype. Skype supports routing
via proxies, but all the endpoints it calls are ip addresses - so
configuring your proxy to disable ip-based connections will block Skype.
Unfortunately it will also block tonnes of other (more) valid traffic -
like google cache for starters.

Having an enforceable policy and routine end-node software audits is
probably the best long-term defence against all this sort of software -
and any future software to come (as long as they play nice/etc).

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users