Re: rules for skype - Taylor, Grant

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: rules for skype
Date: Mon, 02 May 2005 10:58:46 -0500	[thread overview]
Message-ID: <42764E36.7080300@riverviewtech.net> (raw)
In-Reply-To: <42764919.60507@lopsch.com>

> I can also block https by blocking port 443 that´s not the point. The 
> point is to block "bad" 443 port traffic and let "good" traffic pass.

One thing that might be able to be done is to limit on the amount of traffic that can pass through any given HTTPS (443) connection.  Namely if an HTTPS connection is on going and has carried a meg of data or more (any thing that would be more than any legitimate HTTPS web submit would be) you could probably know that the traffic was not standard HTTPS traffic and thus safe to shut down.  This might trap some STunnel (?) (SSL tunneling) but then you would know the IP of the other end and you could explicitly allow ongoing HTTPS connections to that IP.  This amount of data match could possibly be matched via the "connbyes" match extension from Patch - O - Matic Extra Repository.

Grant. . . .

next prev parent reply	other threads:[~2005-05-02 15:58 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20050502150901.DAEF39E9F4@dd6816.kasserver.com>
2005-05-02 15:36 ` rules for skype Daniel Lopes
2005-05-02 15:58   ` Taylor, Grant [this message]
2005-05-02 16:48     ` Taylor, Grant
2005-05-02 17:01     ` Deepak Seshadri
2005-05-02 17:09       ` [SPAM] " Taylor, Grant
2005-05-02 17:42         ` Deepak Seshadri
2005-05-02 19:33           ` [SPAM] " Taylor, Grant
2005-05-03  7:17       ` Victor Yeo
2005-05-03  7:50         ` John A. Sullivan III
2005-07-13  2:52           ` Fajar Priyanto
2005-07-13 10:53             ` Daniel Lopes
2005-09-26  7:06 Mofizul Hoq
     [not found] <200505021507.j42F7cIb004153@rti02.co-lo.riverviewtech.net>
2005-05-02 15:56 ` Taylor, Grant
     [not found] <20050501223241.CF7E4103130@correio.solutti.com.br>
2005-05-01 22:35 ` Leonardo Rodrigues Magalhães
2005-05-02 14:36   ` Daniel Lopes
2005-05-02 14:40     ` Taylor, Grant
2005-05-02 15:07       ` Seferovic Edvin
  -- strict thread matches above, loose matches on Subject: below --
2005-05-01  9:37 varun_saa
2005-05-01  9:46 ` Askar
2005-05-01 22:00   ` Taylor, Grant
2005-05-01 22:31     ` Seferovic Edvin
2005-05-01 23:43     ` Mogens Valentin
2005-05-02  1:32       ` Daniel Lopes
2005-05-02  6:14     ` Taylor, Grant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42764E36.7080300@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.