IDS / SNORT p2p bullshit <--- stupid whitehats http://exploitlabs.com/files/misc/badhat.txt
morning_wood > A few folks don't know that Snort can be a little more proactive than just > detection. Check out: > > http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24 > > As for my comment, I agree with Jared's comment. Be sure that your users have > agreed to an acceptable use policy for your University/Company and by that > the accountability falls to them. Also, I just say "be careful" because it > can be a slippery sloap when companys start taking on accountability for > their employees behavior, on the Internet or otherwise. > > :I think the key here is a strong enforceable communicated policy and then > > : identifying the traffic and addressing the > > > > user. I would go with an IDS (Snort is a good :choice to IDENTIFY as you > > can easily write the sigs). Now granted Snort could pick it up on different > > ports depending on what it was looking for, however you need to think about > > tunneled connections via ssh and ssl. A good client inventory app seems to > > be the best way to catch these... Ahhh big brother and his tools. > > > > : Regards, > > : --------------------- > > : Jared Bergeron > > : Systems Analyst / E-Security > > : XEROX Office Printing Business > > > > I have always felt that solving personnel problems with firewalls is a > > really poor use of time and hardware. Admin will end up chasing this all > > the time as the P2P technology changes. Far better to run an IDS and log > > the offenders, the let HR take care of this. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
