[Snort-users] evaluating snort, can snort do this? commercial support?

Dimitri Syuoul dsyuoul at ...11827...
Tue Jan 12 20:30:01 EST 2010


Hello all,

I'm new to Snort, and it seems like a great packet sniffer and a great
IDS. However, my need is very specific and I would like to know to
what extent Snort can help me here.

a.) I have a LAN of users NATted on a Linux box where I want to
install Snort. I want to be able to restrict the use of the https
protocol with Snort (yes, I have my reasons for doing it like this;
squid cannot transparently proxy https).

Based on the fact that the actual request to the destination domain
goes unencrypted, I'd like to know if I can block viewing of https
enabled sites (port 443) specifically, so only a very small number of
domain names are allowed to be called.

I've seen complex commercial packet filters do this; I am sure there
must be a way?

b.) Nowadays restrictions based on ports don't quite work when it
comes to Skype. I need to be able to block/allow Skype traffic out
(for specific IPs, but I think this would be a netfilter/iptables
thing).

c.) Is commercial support available for custom signatures?

Regards,

Dimitri