Snort mailing list archives

advice on content rule for outgoing email


From: jeffs () speakeasy net
Date: Wed, 23 Jun 2004 23:31:27 +0000

Hello, and I'm glad to be part of this list.  I have snort version 2.1.3 running on IPCop and I am very pleased with its results.

I am familiar with writing rules although not terribly experienced with it.  That is, I am familiar with the meaning behind many of the tags.

Okay.  So I need a rule that will scan outgoing email content (not pop3 or smtp protocol, but rather IMAP emails, i.e., going to port 80) for particular phrases or text.  I have succeeded in doing this with a simple rule, but that simple rule also brings up alerts when those phrases are found in web pages due to normal surfing.

Any way around this?

Thanks,

J.
