Application Signature
-
Hi again ;)
What about application signatures? I mean, can Snort prevent applications that use HTTP to connect through it? P2P has these HTTP signatures, which can be seen and prevented by other firewalls like MS-ISA. I am not talking only about P2P here; I am also talking about people who use proxies to connect their chat applications (Yahoo-MSN-ICQ etc.) and bypass Snort chat rules. So, any ideas?
-
Snort is an IDS/IPS, not a proxy. I assume you meant Squid? Squid can block by user agent.