Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSL traffic block using Snort rules

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 25 Aug 2014 13:54:51 +0000
On Aug 25, 2014, at 9:36 AM, Ravi Kukadia <ravi.kukadia () ishisystems com<mailto:ravi.kukadia () ishisystems com>> 
wrote:

Hi,

I wanted to understand that is it possible to block SSL traffic using Snort rules? I wanted to block https websites on 
my network but not sure whether I can do with Snort or not.

Sounds like a fantastic use for OpenAppId.  Use the SSL service keyword, and block it, regardless of port.  Check out 
the 2.9.7.0 beta, and join the OpenAppId mailing list.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: