[Snort-users] Detecting Skype traffic (reliably)

Nigel Houghton nigel at ...1935...
Wed Oct 25 22:04:03 EDT 2006


On  0, Andrew Hay <andrewsmhay at ...11827...> wrote:
> Has anyone, in practice...not in theory, been able to create and
> validate a snort signature that is able to classify Skype traffic?
> I've been researching for days and am having a hard time.  I know that
> TippingPoint has a way of classifying (and blocking) Skype traffic but
> from what I hear they don't appear to be sharing the 'secret sauce'.
> Any input would be greatly appreciated.

What do you mean by "classifying Skype traffic" exactly?

Did you look at the following sids:

  5692
  5693
  5694
  5998
  5999
  6000
  6001

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

         There is no theory of evolution, just a list
            of creatures Vin Diesel allows to live.




More information about the Snort-users mailing list