[isalist] Re: Signatures
- From: "D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR" <DPietruszka@xxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 6 Oct 2006 11:34:31 -0400
Nice, I put a couple of filters and works like a charm.
If someone has interest on signatures I found this list on the web
http://www.applicationsignatures.co.uk/
Thanks
Regards
Diego R. Pietruszka
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Friday, October 06, 2006 9:50 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Signatures
To identify the application in HTTP traffic, you'll want to seek out the
User-Agent header.
Bear in mind that you can't configure "allow only" HTTP Filter header
definition. This mechanism is "blacklist" only.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
Sent: Friday, October 06, 2006 6:44 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Signatures
Hello there
For the first time in a long time I have some time to play around with
my ISA's and I want to expend some time working on HTTP filtering.
The thing is, how seeing the packets on my NetMon3 Beta (Thanks Jim) I
know the signatures of the product used to generate that HTTP traffic?
For example, which one is the signature for Internet Explorer and which
one for Firefox? To by that way be able to filter traffic generated from
one and not the other one.
Sorry if my question is kind of stupid but I have no idea about this
topic. If you know about some documents online, please let me know.
Thanks guys
Regards
Diego R. Pietruszka
All mail to and from this domain is GFI-scanned.
Other related posts:
