2002157 (revision 4)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE POLICY Skype User-Agent detected"; flow:to_server,established; pcre:"/User-Agent\:[^(\n|\r)]+Skype/i"; classtype: policy-violation; sid:2002157; rev:1;)
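
An added example (not part of the original page or the Emerging Threats ruleset): a Python harness that runs the rule's PCRE over constructed HTTP requests to show which User-Agent lines it matches. The sample requests, the host name and the LINE_BOUND comparison pattern are assumptions made for illustration; none is a captured Skype request.

```python
import re

# PCRE from sid:2002157 as shown on this page; the /i modifier maps to re.IGNORECASE.
RULE_PCRE = re.compile(r"User-Agent\:[^(\n|\r)]+Skype", re.IGNORECASE)

# Hypothetical comparison pattern (not in the rule): the class excludes only CR and LF.
LINE_BOUND = re.compile(r"User-Agent\:[^\r\n]+Skype", re.IGNORECASE)


def build_request(user_agent_line, extra_headers=()):
    """Build a constructed HTTP/1.1 GET request containing the given header lines."""
    lines = ["GET / HTTP/1.1", "Host: example.invalid", user_agent_line, *extra_headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def evaluate(request):
    """Return (rule_matches, line_bound_matches) for one request payload."""
    return (bool(RULE_PCRE.search(request)), bool(LINE_BOUND.search(request)))


# Constructed samples; none is a captured Skype request.
SAMPLES = {
    "plain": build_request("User-Agent: Skype 3.5"),
    "lowercase": build_request("user-agent: skype"),
    "no_space": build_request("User-Agent:Skype"),
    "parenthesised": build_request("User-Agent: Mozilla/4.0 (compatible) Skype"),
    "other_header": build_request("User-Agent: Mozilla/5.0", ["X-Note: Skype"]),
    "absent": build_request("User-Agent: Mozilla/5.0"),
}


def run_samples():
    """Evaluate every constructed sample and return {name: (rule, line_bound)}."""
    return {name: evaluate(req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (rule, bound) in run_samples().items():
        print(f"{name:14} rule={rule!s:5} line_bound={bound}")
```

The "parenthesised" sample differs between the two patterns because `(`, `|` and `)` inside the square brackets are literal characters, so the rule's class stops at the first parenthesis in the header value.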


Can the rule block Skype 3.51 or not?

-- SonicLee - 29 Aug 2007

3.51 does make an HTTP request on startup, so yes, it will detect at startup.

-- MattJonkman - 29 Aug 2007

We tested signatures #2001595, 2001596, 2002157 and 2003022, but still cannot block Skype 3.51. Does anyone have signatures to block Skype 3.51?

-- SonicLee - 07 Sep 2007


Topic revision: r4 - 2007-09-07 - SonicLee