[Snort-users] evaluating snort, can snort do this? commercial support?

Jason Haar Jason.Haar at ...294...
Thu Jan 21 03:16:54 EST 2010


On 01/20/2010 12:30 PM, Dimitri Syuoul wrote:
> Also, nobody has answered if Snort can be used to block Skype?
>   

I'd say no, it can't - it can barely be detected. I don't know if
blocking via the current rules (mostly about detecting startup and
software updates) would be enough to block all Skype-related network
transactions.

However, an enforced proxy (i.e. block all outgoing on the firewall -
except traffic from the proxy) can block Skype. Skype supports routing
via proxies, but all the endpoints it calls are IP addresses - so
configuring your proxy to disable IP-based connections will block Skype.
Unfortunately it will also block tonnes of other (more) valid traffic -
like Google cache for starters.

Having an enforceable policy and routine end-node software audits is
probably the best long-term defence against all this sort of software -
and any future software to come (as long as they play nice/etc).

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
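
The proxy rule described in the message above (refuse any request whose destination is an IP address rather than a hostname), sketched as an added Python example that is not part of the original post. The function names and the sample request lines are constructed for illustration; a real proxy would express the same check in its own ACL language.

```python
import ipaddress
from urllib.parse import urlsplit

def target_host(method, target):
    """Host a proxy request is aimed at: CONNECT carries host:port, other methods a full URL."""
    if method.upper() == "CONNECT":
        return urlsplit("//" + target).hostname
    return urlsplit(target).hostname

def is_ip_literal(host):
    """True if the host is an address rather than a DNS name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)  # dotted IPv4 or unbracketed IPv6
        return True
    except ValueError:
        pass
    # Legacy IPv4 spellings (single integer, hex, trailing dot) still reach an
    # address. No DNS top-level label is numeric, so a numeric last label means IP.
    last = host.rstrip(".").rsplit(".", 1)[-1].lower()
    return last.isdigit() or last.startswith("0x")

def decide(request_line):
    """Return 'DENY' for IP-addressed or malformed requests, else 'ALLOW'."""
    parts = request_line.split()
    if len(parts) != 3:
        return "DENY"  # fail closed on anything unparseable
    method, target, _version = parts
    try:
        host = target_host(method, target)
    except ValueError:
        return "DENY"
    return "DENY" if not host or is_ip_literal(host) else "ALLOW"

# Constructed request lines using documentation address ranges, not captured traffic.
SAMPLES = [
    "CONNECT 192.0.2.10:443 HTTP/1.1",          # IP endpoint, the case the rule targets
    "CONNECT [2001:db8::1]:443 HTTP/1.1",       # bracketed IPv6 endpoint
    "CONNECT 3221225994:443 HTTP/1.1",          # single-integer IPv4 spelling
    "CONNECT www.example.com:443 HTTP/1.1",     # named host, allowed
    "GET http://198.51.100.7/search?q=cache:example HTTP/1.1",  # legitimate but IP-addressed: also denied
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decide(line), line)
```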




