[Snort-sigs] SSL traffic block using Snort rules

Joel Esler (jesler) jesler at ...3865...
Mon Aug 25 09:54:51 EDT 2014

On Aug 25, 2014, at 9:36 AM, Ravi Kukadia <ravi.kukadia at ...3942...<mailto:ravi.kukadia at ...3942...>> wrote:


I wanted to understand that is it possible to block SSL traffic using Snort rules? I wanted to block https websites on my network but not sure whether I can do with Snort or not.

Sounds like a fantastic use for OpenAppId.  Use the SSL service keyword, and block it, regardless of port.  Check out the beta, and join the OpenAppId mailing list.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140825/252af2f9/attachment.html>

More information about the Snort-sigs mailing list