Experimental Skype preprocessor release
Today is the day.
NOTES:
- This is released under the VRT license
- This is experimental code
- The work for this was done some time ago but was OBE before I had time to release. I’ve updated it for 2.7.0.1 but it may not detect modern Skype at all. ***This would be important feedback to give.***
- I’ve not tested blocking. ***Important feedback to give.***
- I’ve not evaluated for performance or even done the classic review after functional code routine. ***Important feedback to give.***
- USE AT YOUR OWN RISK. NO WARRANTIES...
- I will be gathering feedback and updating this code as it is appropriate.
Instructions:
1) Download the bundle.
spp_skype_dyn-snort-2.7.0.1-20070813.tgz
2) Make a directory to extract it to
3) Apply the diff file “spp_skype.diff” to your snort 2.7.0.1 src tree
4) ./configure --enable-dynamicplugin && make && make install
5) Enable stream5 udp tracking - See etc/snort.conf
6) Enable skype - See etc/snort.conf
7) Run it and provide feedback to jasonb[at]sourcefire.com or on snort-devel.
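A pre-flight check for step 5, added here as an example and not part of the bundle or of Snort: it reads a snort.conf, ignoring commented-out lines and joining "\" continuations, and reports whether Stream5 UDP tracking is switched on, so a "no detection" result is not just a configuration miss. Assumptions: only an explicit "track_udp yes" on the stream5_global line plus an active stream5_udp line count as enabled, and the function names are made up for this example; the bundle's etc/snort.conf remains the reference for the actual settings.

```shell
#!/bin/sh
# Added example (not from the bundle): verify Stream5 UDP tracking in snort.conf.

# Print active "preprocessor" directives from the file given as $1:
# comments are stripped and backslash-continued lines are joined into one.
active_preprocs() {
    sed -e 's/#.*$//' "$1" | awk '
        { sub(/[ \t]+$/, "") }                           # drop trailing blanks
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next } # continuation line
        { line = buf $0; buf = ""
          if (line ~ /^[ \t]*preprocessor[ \t]/) print line }'
}

# Return 0 only if stream5_global explicitly sets "track_udp yes" AND an
# uncommented stream5_udp directive exists (assumption: explicit config only;
# built-in defaults are not considered).
stream5_udp_enabled() {
    conf=$1
    active_preprocs "$conf" |
        grep -Eq 'stream5_global[[:space:]]*:.*track_udp[[:space:]]+yes' || return 1
    active_preprocs "$conf" |
        grep -Eq 'preprocessor[[:space:]]+stream5_udp([[:space:]]*:|[[:space:]]*$)' || return 1
    return 0
}

# Stand-alone use: ./check_stream5.sh /path/to/snort.conf
if [ -n "$1" ] && [ -r "$1" ]; then
    if stream5_udp_enabled "$1"; then
        echo "stream5 UDP tracking: enabled"
    else
        echo "stream5 UDP tracking: NOT explicitly enabled in $1"
    fi
fi
```

Run it against the snort.conf you actually start Snort with, not the copy in the source tree.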
Monday, August 13, 2007