alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE POLICY Skype User-Agent detected"; flow:to_server,established; pcre:"/User-Agent\:[^(\n|\r)]+Skype/i"; classtype: policy-violation; sid:2002157; rev:1;)
Can the rule block Skype 3.51 or not?
--
SonicLee? - 29 Aug 2007
3.51 does make an http request on startup, so yes it will detect at startup.
--
MattJonkman - 29 Aug 2007
We tested signature #2001595 2001596 2002157 2003022, still can not block skype 3.51. Have any one signatures to block skype 3.51?
--
SonicLee? - 07 Sep 2007
We tested signature #2001595 2001596 2002157 2003022, still can not block skype 3.51. Have any one signatures to block skype 3.51?
--
SonicLee? - 07 Sep 2007
Topic revision: r4 - 2007-09-07
- SonicLee?