[Snort-sigs] SSL traffic block using Snort rules

Joel Esler (jesler) jesler at ...3865...
Mon Aug 25 09:54:51 EDT 2014


On Aug 25, 2014, at 9:36 AM, Ravi Kukadia <ravi.kukadia at ...3942...<mailto:ravi.kukadia at ...3942...>> wrote:

Hi,

I wanted to understand that is it possible to block SSL traffic using Snort rules? I wanted to block https websites on my network but not sure whether I can do with Snort or not.

Sounds like a fantastic use for OpenAppId.  Use the SSL service keyword, and block it, regardless of port.  Check out the 2.9.7.0 beta, and join the OpenAppId mailing list.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140825/252af2f9/attachment.html>


More information about the Snort-sigs mailing list