Using Snort: how to block specific traffic, not a host
-
Hi to all,
I'm using pfSense and Snort to block Skype on our company network. This is working great: every host that attempts to use Skype is blocked.
But actually, we need to not block all traffic from this host; we want to keep the ability to use the internet and just block Skype traffic.
Is it possible with Snort? Thanks
-
I have the same question. Please could someone answer this?
-
OK, I found that if you use Snort on the WAN interface, then on login the Skype login server is blocked.
Rule 5999 tcp $EXTERNAL_NET any $HOME_NET any P2P Skype client login
This rule adds the destination IP to the blocked list for next time. The same as 5998.
5693 tcp $HOME_NET any $EXTERNAL_NET $HTTP_PORTS P2P Skype client start up get latest version attempt
It is not blocking the IP address. There are 10 alerts about this rule, but nothing is added to the blocked list. Why is that so?
Thanks
-
Has anyone ever blocked Skype with pfSense?
-
I have been trying to get pfSense 1.2.3 and the Snort package to block Skype for the last 3 days without success.
Also, I have noticed that pfSense doesn't completely block MSN and Yahoo messengers.
-
You need to write a Snort rule that blocks known content of Skype, or adjust the rule for your company network.
James
-
As far as I noticed, it's not possible to create your own rules, or am I missing something?
I reinstalled everything and noticed that some IP addresses get blocked once Skype starts up, so I am assuming that the detection works. However, Skype gets connected either way.