snort-users January 2010 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: [Snort-users] evaluating snort, can snort do this?

[Snort-users] evaluating snort, can snort do this? commercial support?

From: Dimitri Syuoul <dsyuoul_at_nospam>
Date: Wed Jan 13 2010 - 01:30:01 GMT
To: snort-users@lists.sourceforge.net


Hello all,

Ive new to snort, and it seems like a great packet sniffer and a great IDS. However my need is very specific and I would like to know to what extend can Snort help me here.

a.) I have a LAN of users NATted on a linux box where I want to install Snort. I want to be able to restrict the use of the https protocol with snort (yes i have my reasons for doing it like this, squid cannot transaprently proxy https).

based on that fact that the actually request to the destination domain goes unencrypted. Id like to know if I can block viewing of https enabled sites (port 443) specifically so only a very small of domain names are allowed to be called.

Ive seen complex commercial packet filters do this, iam sure there must be a way?

b.) Now a days restrictoins based on ports dont quite work when it comes to Skype. I need to be able to block/allow skype traffic out (for specific IPs but i think this would be a netfilter/iptables thing)

c.) Is commercial spport available for custom signatures?

Regards,

Dimitri



This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users