Snort mailing list archives
Re: SSL traffic block using Snort rules
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 25 Aug 2014 13:54:51 +0000
On Aug 25, 2014, at 9:36 AM, Ravi Kukadia <ravi.kukadia () ishisystems com<mailto:ravi.kukadia () ishisystems com>> wrote: Hi, I wanted to understand that is it possible to block SSL traffic using Snort rules? I wanted to block https websites on my network but not sure whether I can do with Snort or not. Sounds like a fantastic use for OpenAppId. Use the SSL service keyword, and block it, regardless of port. Check out the 2.9.7.0 beta, and join the OpenAppId mailing list. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- SSL traffic block using Snort rules Ravi Kukadia (Aug 25)
- Re: SSL traffic block using Snort rules Joel Esler (jesler) (Aug 25)
- Re: SSL traffic block using Snort rules waldo kitty (Aug 25)