Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Outbound Information Filter?

From: Erek Adams <erek () snort org>
Date: Mon, 15 Sep 2003 12:28:18 -0400 (EDT)
On Sun, 14 Sep 2003, Ratty wrote:


Hey guys, Im looking for information. I was told snort could fill my need
for an outbound packet filter, and im interested to know if it can do what
im looking for, and how to go about implimenting rules to do this. I have an
old FreeBSD box that i run as a router/firewall (routed/ipfw) and im
wondering if there are rules for snort i can use that will drop outbound
packets (or replace information in them) if they contain certain data, such
as a phone number or credit card number. Just to filter outbound information
to thwart any unintentional transmission of data. Can snort do this, and
what would be an example rule to replace all packets that contain
123-456-7890 with another phone number such as 321-654-0987.


You can't do it with Snort.  Snort is a Network based Intrusion Detction
System.

You can however do it with Snort-inline or Hogwash.  They are Gateway IDS
style programs.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: