Tox chat snort rule
-
Hi All,
I have some users using a disallowed application but am having a hard time stopping it.
Does anyone know of, or have a different resource I can work with, that would know how to detect and block this type of traffic?
This site provides a little insight in case you have not heard of it. https://tox.chat/
Thanks in advance!
-
Not familiar with the product but with Suricata you can block using TLS/SSL cert/fingerprint info
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywordsOR with File magic you can intercept PGP key exchange, if they dont use TLS.
Or you could block .chat domain name request…
Shouldnt be too hard to block another chat service...
F.