lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue Feb 14 18:23:46 2006
From: sekure at gmail.com (sekure)
Subject: blocking Google Desktop

I believe it is per TCP session, but don't quote me on that.  Actually
now that i think about it, if it indeed is per TCP session then the
second rule will not trigger, since the SSL connection will be a part
of a different session.

I am not 100% sure though.  Try it out and let us know. You might want
to post to snort-sigs or snort-users and see if they are more helpful.

On 2/14/06, Michael Holstein <michael.holstein@...ohio.edu> wrote:
> > The first rule would get flowbits:noalert; flowbits:set,google.user.agent;
> > And the second rule would get flowbits:isset,google.user.agent;
>
> Is that global (if #1, then always #2), or is it "per-IP" ?
>
> I verified I can block the SSL session setup using the snort sig I
> posted the other day .. but it kills any Google SSL (gmail, groups,
> etc.) .. which is fine, provided I can only block google SSL to users
> that are running the desktop.
>
> ~Mike.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ