[Snort-users] Detecting Skype traffic (reliably)

Humes, David G. David.Humes at ...383...
Wed Oct 25 11:57:45 EDT 2006


TippingPoint can detect Skype program downloads, Skype update requests,
and first time logins after fresh Skype installs.  AFAIK, they do not
have a way to detect arbitrary Skype traffic.

> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net 
> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf 
> Of Paul Halliday
> Sent: Tuesday, October 24, 2006 8:36 PM
> To: Andrew Hay
> Cc: Snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Detecting Skype traffic (reliably)
> 
> 
> AFAIK there is _always_ the initial agent -> server 
> communication before any calls. This is trivial to detect.
> 
> On 10/24/06, Andrew Hay <andrewsmhay at ...11827...> wrote:
> > Has anyone, in practice...not in theory, been able to create and 
> > validate a snort signature that is able to classify Skype traffic? 
> > I've been researching for days and am having a hard time.  
> I know that 
> > TippingPoint has a way of classifying (and blocking) Skype 
> traffic but 
> > from what I hear they don't appear to be sharing the 
> 'secret sauce'. 
> > Any input would be greatly appreciated.
> >
> > --
> > Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA]
> > blog: https://www.andrewhay.ca
> > email: andrewsmhay || at || gmail.com
> >
> > 
> ----------------------------------------------------------------------
> > ---
> > Using Tomcat but need to do more? Need to support web 
> services, security?
> > Get stuff done quickly with pre-integrated technology to 
> make your job easier
> > Download IBM WebSphere Application Server v.1.0.1 based on 
> Apache Geronimo
> > 
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

------------------------------------------------------------------------
-
Using Tomcat but need to do more? Need to support web services,
security? Get stuff done quickly with pre-integrated technology to make
your job easier Download IBM WebSphere Application Server v.1.0.1 based
on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list