Snort mailing list archives
Re: Snort - poor man's content filter?
From: Tim Kramer <kramert () mlrnoc navy mil>
Date: 27 Nov 2001 17:55:05 -0500
Had toyed with this idea. Experimented with having Snort send RST packets to connections attempt to surf inappropriate websites. The thinking was that this configuration would relieve the web caches of having to ALL web traffic for the inappropriate content. Unfortunately, that portion of Snort is still buggy and doesn't function properly. The other short coming was that Snort doesn't handle regex's like the caches do (the filters in the caches are much more flexible). - Tim On Mon, 2001-11-26 at 14:02, Sheahan, Paul (PCLN-NW) wrote:
Anyone out there using Snort as a web content filter? If I create custom rules to search for certain vulgar words and place the Snort sensor next to my proxy server, I am easily able to detect which people in the office are surfing inappropriate sites and transfering improper files. I was wondering if this could be a long term solution for content filtering or if anyone out there is using it as such? Thanks, Paul _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort - poor man's content filter? Sheahan, Paul (PCLN-NW) (Nov 26)
- Re: Snort - poor man's content filter? Tim Kramer (Nov 27)
- <Possible follow-ups>
- RE: Snort - poor man's content filter? Dell, Jeffrey (Nov 26)