Snort mailing list archives
Re: sircam removal
From: "JP" <Theblahact () hotmail com>
Date: Thu, 30 Aug 2001 22:44:57 +1000
Being the devil's advocate here, but some firewalls can do that. (industry favourite = FW-1 - it is easily possible to block viruses, attachment types etc). Personally I think you are better off doing it with Snort...... or Hogwash (http://hogwash.sourceforge.net/) Has anyone got that up and running in a serious prod env??? I have put it on the backburner for a while but looks very interesting. I had an idea for developing an open source application level firewall behind a normal packet filter - bridging firewall, dual homed, inline, no IP addresses (drooling now.....). Hogwash looks perfect. (still thinking about the redundancy aspect tho.....). Packet filters are packet filters. Keep them simple and let them maintain state etc for you. Do the funky application level stuff with something else. JP ----- Original Message ----- From: "Michael Boman" <michael () ayeka dyndns org>
open the email before I ever realise it's gone through. Is there a way
to
disable to packets containing those nasty attachments as they go through the firewall?Not the firewall, but either using a SMTP mailcleaner (like AMaViS or procmail scripts) or enable flexresp in your snort and start hacking your
own
snort rules.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- sircam removal Chris Mason (Aug 30)
- Re: sircam removal Michael Boman (Aug 30)
- Re: sircam removal JP (Aug 30)
- Re: sircam removal Ralf Hildebrandt (Aug 30)
- Re: sircam removal Florent (Aug 30)
- Re: sircam removal Ralf Hildebrandt (Aug 30)
- Re: sircam removal Jason Haar (Aug 31)
- Re: sircam removal Florent (Aug 30)
- Re: sircam removal Michael Boman (Aug 30)
- <Possible follow-ups>
- RE: sircam removal Graeme Fowler (Aug 30)
- RE: sircam removal Erek Adams (Aug 30)