[Snort-users] monitoring who is monitoring you with snort (just a bit off topic)

Brian Caswell bmc at ...312...
Fri Nov 24 19:52:50 EST 2000

mike johnson wrote:
> has anyone tried to build rules to monitor what some of the marketing
> companies are gathering about you as you browse the internet?  companies
> like doubleclick, alexa, exactis, digital impact, responsys.
> this could be a whole new use for snort.  granted, not the primary function
> of snort, but a very useful use for home users.

Well, I would prefer to use something that would parse the HTML a bit
There are many ways to hide "webbugs" into pages.  The best one I have
seen was
as follows.  A 1x1 GIF was included into an HTML file, but the GIF was
actually 6x2
of invisable.  It was included by an <img src=something.html> that had a
that set the max size for the GIF to 1x1.  Its too bad that most
browsers (well, all 
that I know of) would not render it.  Browsers would go to the page

AdZap [0] has done a decent job at getting many of the lame web ads,
banners, and 
javascript put in by organizations that want to track you. Since
everyone should 
be using a caching proxy server, adding in something like AdZap would be
easy.  Then just log everything from "AdZap" to your IDS logs.  

Of course, if you do something silly like browse CNN.com your logs will
grow huge

[0] http://www.zip.com.au/~cs/adzap/index.html

Brian Caswell
The MITRE Corporation

More information about the Snort-users mailing list