Snort mailing list archives
Re: Outbound Information Filter?
From: Erek Adams <erek () snort org>
Date: Mon, 15 Sep 2003 12:28:18 -0400 (EDT)
On Sun, 14 Sep 2003, Ratty wrote:
Hey guys, Im looking for information. I was told snort could fill my need for an outbound packet filter, and im interested to know if it can do what im looking for, and how to go about implimenting rules to do this. I have an old FreeBSD box that i run as a router/firewall (routed/ipfw) and im wondering if there are rules for snort i can use that will drop outbound packets (or replace information in them) if they contain certain data, such as a phone number or credit card number. Just to filter outbound information to thwart any unintentional transmission of data. Can snort do this, and what would be an example rule to replace all packets that contain 123-456-7890 with another phone number such as 321-654-0987.
You can't do it with Snort. Snort is a Network based Intrusion Detction System. You can however do it with Snort-inline or Hogwash. They are Gateway IDS style programs. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Outbound Information Filter? Ratty (Sep 14)
- Re: Outbound Information Filter? Erek Adams (Sep 15)