Hello, Bad news: if a client can use even tcp 443 to communicate, you may have to break the ssl channel analyze the traffice and rebuild it again. But in this case none of your colleagues wanna use their net-bank software. They'll see your certificate, not the bank's one. So in this case you probably need a true content filter.
Otherwise: you have to implement some kind of software restriction policy. If you digitally sign all of the allowed application and if you restrict your users from running any other software, you may win. ;) Kind regards, Gabor Baki -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ove Dalgard Hansen Sent: Wednesday, March 07, 2007 8:38 PM To: focus-ids@securityfocus.com Subject: Bittorrent - utorrent Hello Everyone, I am in a bit of trouble, On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy. We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, since its not possible to see the encrypted traffic. Does anyone out there have a good idea of how i am to solve the issue? Best Regards Ove Hansen IT-Quality A/S Banemarksvej 50F Denmark - 2605 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in tro_sfw to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
