[Snort-sigs] Snort for detecting spyware?

Imran William Smith iwsmith at ...500...
Sun May 5 18:09:01 EDT 2002


Has anybody done any work on detecting spyware with
snort?  Seems like the logical way to do it, but looks
like most approaches so far are host-based.

Several advantages to network method:

1) not necessary to install software on each desktop
2) one client gets 'infected' with known spyware -> can
then block offending external sites for the whole organisation
at the firewall (or flex response).
3) very quick method to determine scale of the problem

I have contacted the people at www.lavasoftusa.com who
develop the well-respected ad-aware product, asking them
if they could give any help with network-based signatures,
and mentioning snort to them.


--
Imran William Smith
Security Products Development
Mimos Bhd, Malaysia






