Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Jabber and Proventia G

from [Sam Evans] Network Security [Permanent Link]
Subject: Re: Jabber and Proventia G
Date: Wed, 6 Apr 2005 08:19:17 -0600 
I think the best you can do is create a Trons (Snort because ISS tried
to be sneaky) rule to do this.

You would have to sniff the first few packets of the file transfer and
then create your signature appropriately.  For documentation on how to
create a Snort signature, you might refer to the documentation on
www.snort.org.

Otherwise, as far as I know, ISS keeps their voodoo magic to
themselves and does not allow you to create any sort of custom
protocol analysis.

HTH,
Sam



On Apr 5, 2005 7:17 AM, Is it possible? <is-it-possible@no-log.org> wrote:

Hey there,

I need to know how I can block jabber users from sending
attachements.

We are using a jabber server just like http://status.jabber.org and
the clients are win32 using the jabber app we can download there
www.neosmt.com

I've been looking and I do not know how to write a policy for
Proventia G.

The general idea is to block known potential threads like .exe, .zip
or whatever like that. If it is a .doc, .xls or PGP encrypted files,
I need it to get to my mailbox. Also, I can send a JPG file which is
in fact a renamed PDF.

The users are using Jabber in clear-text but in the future we may
enforce the use of SSL.

How do I do it?

Thank you very much,

Allan Setright

--------------------------------------------------------------------------
Stop hurting your network!

The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning.
It also finds compromised systems with application-based intrusion detection.
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Honeynet Security Console 2.0 Released, Jeff Dell
Next by Date:  RE: MPLS IDS question, Gary Halleen
Previous by Thread:  Jabber and Proventia G, Is it possible?
Next by Thread:  Honeynet Security Console 2.0 Released, Jeff Dell
Indexes:  [Date] [Thread] [Top] [All Lists]