-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 another way is to check all applications using specific ports in a single host and reference this check with a database containing names of p2p applications. You just need to create a proxy server between the application layer and tcp/ip layer that will perform the checks. This is more into IDS filed .
Regards Abiola Abimbola BEng, MSc Researcher Room 707 Tele: 231-2503 School of Computing & Mathematical Sciences Liverpool John Moores University Byrom Street, Liverpool, UK - -----Original Message----- From: Gary Flynn [mailto:[EMAIL PROTECTED]] Sent: 09 December 2002 20:18 To: Beker Eli Cc: [EMAIL PROTECTED] Subject: Re: [ISSForum] P2P applications and IDS/IPS Beker Eli wrote: > > how do I know the http/https/ssh outbound traffic I allow on my > corporate gateways, is not used by p2p applications? > For Trojans/worms using those ports, we usually use a good > antivirus. do we have something similar to catch all those > commercial and > others apps using well known ports to send their traffic > stealthily? do we need the IDS to recognize them? like it know > backdoors... Once this stuff starts using https or ssh, we're all in a boatload of trouble without desktop configuration control unless we want to restrict traffic to particular hosts. The only way out of that that I can think of is an SSL proxy-like device through which all https sessions must travel so you can do IDS/firewalling/content management on the inside...assuming you trust the inside and all your web sites trust the SSL proxy. :) Back to square one...maintain the computers. - -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPfXnayXHu/aXqTsiEQKYcgCdE7ZiW3hbiVSRORwgJ02sa73/kEsAoIdD hKfU6VynBv+K0vN3I1pVGzzj =CKVp -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
