[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Snort - barrando o skype

do FAQ

Q: How can I use l7-filter to redirect some of my traffic (to a proxy, etc.)?

A: You pretty much can't, at least not in any straightforward way.
L7-filter can't possibly identifiy what protocol a connection is using
until it sees a packet with data in it. For TCP, this is the third
packet, far too late to start redirecting anything. (Convoluted
schemes involving duplicating all your packets until you get a match
may be possible, but we don't recommend it.) For UDP, it could work,
providing that l7-filter gets enough data in the first packet to make
a decision. This is not our focus, however.

This can be done if you match on some quality that every packet has
(such as port or IP number) rather than using l7-filter.

On 3/21/06, Fabiano Pires <fabiano.pires@gmail.com> wrote:
> O módulo de iptables "layer 7 filter" identifica o skype (segundo o
> próprio site - http://l7-filter.sf.net).
> Fabiano
>
> Em 21/03/06, Márcio Luciano Donada<mdonada@auroraalimentos.com.br> escreveu:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Romulo Sousa wrote:
> > > Boa tarde pessoal,
> > >
> > > Gostaria de saber se o snort barra o skype. Acontece que tenho um
> > > rede onde muitos usuários estão a utilizando para conexão com o
> > > skype. Isso tá gerando uma demanda muito grande de banda. Pelo que
> > > estou vendo, o iptables não resolve já que as portas que o skype
> > > utiliza são aleatórias. Ouvi dizer que o snort resolve isso.
> > > Agradeceria se alguém pudesse colaborar com essa informação e, se
> > > possível, um link sobre uma documentação na internet.
> > >
> > > Abraço a todos,
> > >
> > > Romulo Sousa
> > >
> > >
> > Se achar algo, divulge na lista.
> >
> > []'s
> >
> > - --
> > Atenciosamente,
> > Márcio Luciano Donada
> > T.I. Aurora Alimentos - Chapecó(SC)
> > Cooperativa Central Oeste Catarinense
> > Telefones (49)33213161 ou (49)33213182
> > mdonada at auroraalimentos dot com dot br
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.2 (FreeBSD)
> >
> > iD8DBQFEIGjxyJq2hZEymxcRAm/YAJ4n4dKNR3/C0iHagrPA+R9araj5ZACgoSBp
> > 5/Gc7yMTF00n0b8cYTvgGac=
> > =G8hy
> > -----END PGP SIGNATURE-----
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-portuguese-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> >
>
>
> --
> Abraços,
> Fabiano
>
>
Reply to: