Re: [Full-disclosure] blocking Google Desktop
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Tue, 14 Feb 2006 13:11:29 -0500
The first rule would get flowbits:noalert; flowbits:set,google.user.agent;
And the second rule would get flowbits:isset,google.user.agent;
Is that global (if #1, then always #2), or is it "per-IP" ?
I verified I can block the SSL session setup using the snort sig I posted the other day .. but it kills any Google SSL (gmail, groups, etc.) .. which is fine, provided I can only block google SSL to users that are running the desktop.
~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] blocking Google Desktop
- From: sekure
- Re: [Full-disclosure] blocking Google Desktop
- References:
- [Full-disclosure] blocking Google Desktop
- From: Michael Holstein
- Re: [Full-disclosure] blocking Google Desktop
- From: Joshua Levitsky
- Re: [Full-disclosure] blocking Google Desktop
- From: Michael Holstein
- Re: [Full-disclosure] blocking Google Desktop
- From: Line Noise
- Re: [Full-disclosure] blocking Google Desktop
- From: J.A. Terranson
- Re: [Full-disclosure] blocking Google Desktop
- From: Jason Coombs
- Re: [Full-disclosure] blocking Google Desktop
- From: J.A. Terranson
- Re: [Full-disclosure] blocking Google Desktop
- From: Michael Holstein
- Re: [Full-disclosure] blocking Google Desktop
- From: sekure
- [Full-disclosure] blocking Google Desktop
- Prev by Date: [Full-disclosure] iDefense Labs Quarterly Hacking Challenge
- Next by Date: [Full-disclosure] iDefense Security Advisory 02.14.06: Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
- Previous by thread: Re: [Full-disclosure] blocking Google Desktop
- Next by thread: Re: [Full-disclosure] blocking Google Desktop
- Index(es):
