Re: Snort - poor man's content filter?

[Tim Kramer <kramert () mlrnoc navy mil>]

Had toyed with this idea.  Experimented with having Snort send
RST packets to connections attempt to surf inappropriate websites.
The thinking was that this configuration would relieve the web
caches of having to ALL web traffic for the inappropriate content.

Unfortunately, that portion of Snort is still buggy and doesn't
function properly.  The other short coming was that Snort doesn't
handle regex's like the caches do (the filters in the caches are
much more flexible).

- Tim 

On Mon, 2001-11-26 at 14:02, Sheahan, Paul (PCLN-NW) wrote:
> Anyone out there using Snort as a web content filter? If I create custom
> rules to search for certain vulgar words and place the Snort sensor next to
> my proxy server, I am easily able to detect which people in the office are
> surfing inappropriate sites and transfering improper files. I was wondering
> if this could be a long term solution for content filtering or if anyone out
> there is using it as such?
>
> Thanks,
> Paul
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users