[Snort-users] evaluating snort, can snort do this? commercial support?

Will Metcalf william.metcalf at ...11827...
Wed Jan 13 00:04:22 EST 2010




On Tue, Jan 12, 2010 at 7:30 PM, Dimitri Syuoul <dsyuoul at ...11827...> wrote:

> Hello all,
> Ive new to snort, and it seems like a great packet sniffer and a great
> IDS. However my need is very specific and I would like to  know to
> what extend can Snort help me here.
> a.) I have a LAN of users NATted on a linux box where I want to
> install Snort. I want to be able to restrict the use of the https
> protocol with snort (yes i have my reasons for doing it like this,
> squid cannot transaprently proxy https).
> based on that fact that the actually request to the destination domain
> goes unencrypted. Id like to know if I can block viewing of https
> enabled sites (port 443) specifically so only a very small of domain
> names are allowed to be called.
> Ive seen complex commercial packet filters do this, iam sure there
> must be a way?
> b.) Now a days restrictoins based on ports dont quite work when it
> comes to Skype. I need to be able to block/allow skype traffic out
> (for specific IPs but i think this would be a netfilter/iptables
> thing)
> c.) Is commercial spport available for custom signatures?
> Regards,
> Dimitri
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and
> easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100112/474ee640/attachment.html>

More information about the Snort-users mailing list