[Snort-users] evaluating snort, can snort do this? commercial support?

Dimitri Syuoul dsyuoul at ...11827...
Tue Jan 19 18:30:38 EST 2010

Thank you, I have inquiried about SSLbump in the proxy mailing lists
but apparently this a feature that is not done transaprently to the
user.. one needs to configure the browser to proxy https for that.
Which i dont want.

Also, nobody has answered if snort can be used to block skype?

Any option or feed is welcomed!!


On Tue, Jan 12, 2010 at 11:04 PM, Will Metcalf
<william.metcalf at ...11827...> wrote:
> a.)
> http://wiki.squid-cache.org/Features/SslBump
> http://wiki.squid-cache.org/Features/DynamicSslCert
> Regards,
> Will
> On Tue, Jan 12, 2010 at 7:30 PM, Dimitri Syuoul <dsyuoul at ...11827...> wrote:
>> Hello all,
>> Ive new to snort, and it seems like a great packet sniffer and a great
>> IDS. However my need is very specific and I would like to  know to
>> what extend can Snort help me here.
>> a.) I have a LAN of users NATted on a linux box where I want to
>> install Snort. I want to be able to restrict the use of the https
>> protocol with snort (yes i have my reasons for doing it like this,
>> squid cannot transaprently proxy https).
>> based on that fact that the actually request to the destination domain
>> goes unencrypted. Id like to know if I can block viewing of https
>> enabled sites (port 443) specifically so only a very small of domain
>> names are allowed to be called.
>> Ive seen complex commercial packet filters do this, iam sure there
>> must be a way?
>> b.) Now a days restrictoins based on ports dont quite work when it
>> comes to Skype. I need to be able to block/allow skype traffic out
>> (for specific IPs but i think this would be a netfilter/iptables
>> thing)
>> c.) Is commercial spport available for custom signatures?
>> Regards,
>> Dimitri
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list