Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Tox chat snort rule

    IDS/IPS
    2
    2
    767
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rpbaetens
      last edited by

      Hi All,

      I have some users using a disallowed application but am having a hard time stopping it.

      Does anyone know of, or have a different resource I can work with, that would know how to detect and block this type of traffic?

      This site provides a little insight in case you have not heard of it. https://tox.chat/

      Thanks in advance!

      1 Reply Last reply Reply Quote 0
      • F
        fsansfil
        last edited by

        Not familiar with the product but with Suricata you can block using TLS/SSL cert/fingerprint info
        https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords

        OR with File magic you can intercept PGP key exchange, if they dont use TLS.

        Or you could block .chat domain name request…

        Shouldnt be too hard to block another chat service...

        F.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post