[Snort-users] Detecting Skype traffic (reliably)

Paul Halliday paul.halliday at ...11827...
Tue Oct 24 20:36:10 EDT 2006


AFAIK there is _always_ the initial agent -> server communication
before any calls. This is trivial to detect.

On 10/24/06, Andrew Hay <andrewsmhay at ...11827...> wrote:
> Has anyone, in practice...not in theory, been able to create and
> validate a snort signature that is able to classify Skype traffic?
> I've been researching for days and am having a hard time.  I know that
> TippingPoint has a way of classifying (and blocking) Skype traffic but
> from what I hear they don't appear to be sharing the 'secret sauce'.
> Any input would be greatly appreciated.
>
> --
> Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA]
> blog: https://www.andrewhay.ca
> email: andrewsmhay || at || gmail.com
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list