I'm new to Snort, and it seems like a great packet sniffer and a great IDS. However, my need is very specific and I would like to know to what extent Snort can help me here.
a.) I have a LAN of users NATted on a Linux box where I want to install Snort. I want to be able to restrict the use of the HTTPS protocol with Snort (yes, I have my reasons for doing it like this; Squid cannot transparently proxy HTTPS).
Based on the fact that the actual request to the destination domain goes unencrypted, I'd like to know if I can block viewing of HTTPS-enabled sites (port 443), specifically so only a very small number of domain names are allowed to be called.
I've seen complex commercial packet filters do this; I'm sure there must be a way?
b.) Nowadays restrictions based on ports don't quite work when it comes to Skype. I need to be able to block/allow Skype traffic out (for specific IPs, but I think this would be a netfilter/iptables thing).
c.) Is commercial support available for custom signatures?