On Wed, 24 Jan 2001, Dan McGinn-Combs wrote:
> Surf Control has some wonderful capability to stop connections in their
> tracks, but I'm not sure even it can pick an AOL messenger message out of
> the soup on port 80.
>
Iff you know what to look for in the stream a user-
configurable IDS system (Snort, NFR, e.g.) could pick this out
of the soup for you. Snort already detects Napster; don't
know offhand about AIM &c.
You'd need a policy prohibiting these, with teeth in it, if
you're going to just detect these connections and not
automatically block them; the IDS will provide the evidence for
disciplinary action. Of course, you could consider, very
carefully, having detection automatically trigger a tool to
tear down the suspect connections.
--
KH
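The content-based detection described in the message above, as an added example that is not part of the original post or of any IDS named in it: it labels the first client payload of each port-80 flow as HTTP, as AIM-like, or as other non-HTTP traffic. The AIM signature is an assumption not stated in the post (OSCAR "FLAP" framing: a 0x2A marker byte, a channel byte 1-5, a 16-bit sequence number, a 16-bit data length); the function names and sample flows are constructed for illustration.

```python
import struct

# Methods a genuine HTTP client request line can start with.
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT")

def looks_like_http(payload: bytes) -> bool:
    """True if the first line is 'METHOD target HTTP/x.y'."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0] in HTTP_METHODS
            and parts[2].startswith(b"HTTP/"))

def flap_frames(payload: bytes) -> int:
    """Count complete FLAP frames at the start of the payload.

    Assumed framing: 0x2A, channel (1-5), uint16 sequence, uint16 length,
    all big-endian, followed by `length` bytes of data.
    """
    offset = count = 0
    while offset + 6 <= len(payload):
        marker, channel, _seq, length = struct.unpack_from(">BBHH", payload, offset)
        if marker != 0x2A or not 1 <= channel <= 5:
            break
        if offset + 6 + length > len(payload):
            break  # truncated frame: not enough evidence, do not count it
        offset += 6 + length
        count += 1
    return count

def classify(payload: bytes) -> str:
    """Label the first client payload seen on a port-80 connection."""
    if looks_like_http(payload):
        return "http"
    if flap_frames(payload) >= 1:
        return "aim-flap-like"
    return "non-http"

def audit(flows: dict) -> dict:
    """Return only the flows that should be logged as policy evidence."""
    labels = {flow: classify(data) for flow, data in flows.items()}
    return {flow: label for flow, label in labels.items() if label != "http"}

# Constructed sample: source endpoint -> first bytes sent to port 80.
SAMPLE_FLOWS = {
    "10.0.0.5:1040": b"GET /index.html HTTP/1.0\r\nHost: example.com\r\n\r\n",
    "10.0.0.7:1055": b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01",
    "10.0.0.9:1102": b"\x16\x03\x01\x00\x2e",
}

if __name__ == "__main__":
    for flow, label in audit(SAMPLE_FLOWS).items():
        print(flow, label)
```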