Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Bittorrent - utorrent

from [Kevin Overcash] Network Security [Permanent Link]
Subject: RE: Bittorrent - utorrent
Date: Fri, 9 Mar 2007 20:20:33 -0500 
Breach Security has a product called BreachView SSL that passively decrypts SSL 
traffic for an IDS without terminating the SSL session.  The product comes as 
either a software plug-in or an appliance. 

http://www.breach.com/products_breachviewssl.asp

ko

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On 
Behalf Of Panayiotis Psihoyios
Sent: Thursday, March 08, 2007 10:01 AM
To: 'Ove Dalgård Hansen'; focus-ids@securityfocus.com
Subject: RE: Bittorrent - utorrent

Since it is going through SSL (and no IDS can look into SSL), you have two
options:

Plan A: Deny SSL traffic, but that usually this is not possible, 

Plan B: Let your users out through a proxy server, which will identify
non-browser traffic using http/s header inspection. Configure your firewall
to permit HTTP/S out only from your proxy and not your clients.

Regards,
Panayiotis

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Ove Dalgard Hansen
Sent: Wednesday, March 07, 2007 9:38 PM
To: focus-ids@securityfocus.com
Subject: Bittorrent - utorrent

Hello Everyone,

I am in a bit of trouble,

On a network where i am configuring IDS - using ASA5510 + SSM module, we try
to deny access to Bittorrent downloads - it consumes quite a bit of bandwith
and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent changes
protocol and goes by the SSL port 443 and thereby circumvent the IDS, since
its not possible to see the encrypted traffic. 

Does anyone out there have a good idea of how i am to solve the issue?


Best Regards

Ove Hansen
IT-Quality A/S 
Banemarksvej 50F
Denmark - 2605




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw 
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Bittorrent - utorrent, dpat
Next by Date:  Re: Firekeeper - IDS for Firefox available, Jan Wrobel
Previous by Thread:  RE: Bittorrent - utorrent, dpat
Next by Thread:  Re: Bittorrent - utorrent, Fredrik Nordgren
Indexes:  [Date] [Thread] [Top] [All Lists]