Application Signature

  • Hi again ;)
    What about application signature , i mean can snort prevent application that use HTTP to connect thought it . p2p have these HTTP signature which can be seen and prevented by other firewall like MS-ISA . I am not here talking only about p2p , no i talk also about ppl who use proxies to connect their chat application ( Yahoo-MSN-ICQ etc ) and bypass snort chat rules . So any ideas?

  • Snort is an IDS/IPS, not a proxy.  I assume you meant Squid?  Squid can block by user agent.

Log in to reply