[Snort-sigs] detecting traffic from / to httport / htthost

Martin Herbst martin-herbst at ...52...
Tue Oct 23 04:17:05 EDT 2001


Hi,

I am a newbie to this list and (N)IDS, especially Snort.

Under the snort-sigs archive
http://www.geocrawler.com/lists/3/SourceForge/6752/0/
I found no clue that there was any discussion about
the TCP redirector tool httport (www.htthost.com). So I ask you now ;-)

The problem is that a/(the) great(est) German computer magazine
(the c't from the Heise Verlag: http://www.heise.de/ct/01/22/070/#1)
has written an article about this SSL/tunneling tool.

This is a (not so young, I know) nightmare for every IT admin,
because every internal (windoze) LAN user can install this tool to use
all the programs we are trying to deny (P2P, IRC, telnet, mail etc. pp.)
via SSL tunneling or via an external htthost server.

Is there a chance to detect traffic from/to an httport/htthost server
via Snort? Is there a sig file available? Does anyone have experience
with the sig file?

I am new to the IT security business (1 year hands-on experience
only), but you can go into details and I will complain later :-)

Thank you in advance for your help. Email is preferred. I will
post a summary, if necessary.

bye
Martin Herbst (martin-herbst at ...52...)




