This makes interesting reading. It neither says one thing or another really, and it will be down to each sub-organisation as to how it either allows or controls it (should they see fit to). Nice stats though and intersting to see how the super-nodes work.
Very difficult to control unless you block HTTPS. But you should be doing that anyway to stop people tunnelling. Right?
[/quote]Very difficult to control [quote]
I consider that an understatement! I briefly looked into doing it but when I found this paper I gave up:
http://www.di.ens.fr/~chaintre/desk/...acterizing.pdf
Our ISP blocks almost everything, except https - how else could I tunnel home
Well Snort has rules for it. So I can detect and block skype activity. Personally, lacking any directive from upon high, I've not blocked it. I only log installation and usage with snort.
If your proxy allows blocking clients via User Agent that would be effective. Squid/Dansguardian certainly can.Code:alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Policy Skype VOIP Checking Version (Startup)"; flow: to_server,established; uricontent:"/ui/"; nocase; uricontent:"/getlatestversion?ver="; nocase; reference:url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf; classtype: policy-violation; sid: 2001595; rev:6; ) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Policy Skype VOIP Reporting Install"; flow: to_server,established; uricontent:"/ui/"; nocase; uricontent:"/installed"; nocase; reference:url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf; classtype: policy-violation; sid: 2001596; rev:6; ) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE POLICY Skype User-Agent detected"; flow:to_server,established; pcre:"/User-Agent\:[^(\n|\r)]+Skype/i"; classtype: policy-violation; sid:2002157; rev:1;)
cool, I got the impression the only way to do that was header inspection which wasn't possible with encrypted https.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote