alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE POLICY Skype User-Agent detected"; flow:to_server,established; pcre:"/User-Agent\:[^(\n|\r)]+Skype/i"; classtype: policy-violation; sid:2002157; rev:1;)
Can the rule block Skype 3.51 or not? -- SonicLee? - 29 Aug 2007 3.51 does make an http request on startup, so yes it will detect at startup. -- MattJonkman - 29 Aug 2007 We tested signature #2001595 2001596 2002157 2003022, still can not block skype 3.51. Have any one signatures to block skype 3.51? -- SonicLee? - 07 Sep 2007 We tested signature #2001595 2001596 2002157 2003022, still can not block skype 3.51. Have any one signatures to block skype 3.51? -- SonicLee? - 07 Sep 2007
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © Emerging Threats