Application layer (layer 7) filtering available yet? (one reason it should be)



  • I have some naughty employees using web based chatting, so the traffic looks like good ole http.  Difficult to track down specific addresses to weed out, too.  If I could find some unique header information in the chat conversations, I could stop this with layer 7 filters.

    If it's not available, suggestions for workarounds are welcome.  I'd even say, encouraged.



  • No Layer7-filtering yet. Maybe you could use snort with some detectionrules to block that. Alternatively there are howtos for blocking the logon to the im networks (blocking the logonservers usually already does the trick). Google around and you'll find some answers how to do that.



  • Hoba was faster :)
    No available L7 filter atm
    As long as you have ports open you will never be able to block ppl from using those things.
    better is to lock down there pc or even better is to have a fair use discussion with employees.



  • Ah yes, the grown up approach.  Explain it to them.  Now to find me some grown ups.

    i.e. You'd think that fair use really would be the appropriate method.  A management solution to a management issue.  But alas…

    But perhaps this is an great excuse for me to finally roll up my sleeves and start Snorting.

    Thanks for the info, guys.


Log in to reply