[Snort-sigs] false +ves for BLEEDING-EDGE P2P CHAT Skype VoIP Initialization

Russell Fulton r.fulton at ...575...
Wed Apr 20 18:12:39 EDT 2005


On Wed, 2005-04-20 at 17:28 +0200, stephane nasdrovisky wrote:

> This may also change. The easiest thing to do is probably not letting 
> users install skype if you don't want it to be used (it's easier than 
> maintaining 5 or 10 snort signatures)

My interest is not that Skype is banned here, it isn't.  I want to
identify Skype users so I can differentiate them from other P2P
protocols that I detect by traffic patterns.

We have strongly enforce anti piracy policies so we follow up people who
are using p2p programs to make sure that they are not using them to
breach 3rd party copyright.  It would make my life easier if we could
eliminate the increasing pool of skype users so we don't waste time
following them up.

Russell
-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2201 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050420/906c648a/attachment.bin>


More information about the Snort-sigs mailing list