[Snort-users] Snort - poor man's content filter?

Tim Kramer kramert at ...3975...
Tue Nov 27 06:04:05 EST 2001


Had toyed with this idea.  Experimented with having Snort send
RST packets to connections attempt to surf inappropriate websites.
The thinking was that this configuration would relieve the web
caches of having to ALL web traffic for the inappropriate content.

Unfortunately, that portion of Snort is still buggy and doesn't
function properly.  The other short coming was that Snort doesn't
handle regex's like the caches do (the filters in the caches are
much more flexible).

- Tim 

On Mon, 2001-11-26 at 14:02, Sheahan, Paul (PCLN-NW) wrote:
> 
> Anyone out there using Snort as a web content filter? If I create custom
> rules to search for certain vulgar words and place the Snort sensor next to
> my proxy server, I am easily able to detect which people in the office are
> surfing inappropriate sites and transfering improper files. I was wondering
> if this could be a long term solution for content filtering or if anyone out
> there is using it as such?
> 
> Thanks,
> Paul
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users






More information about the Snort-users mailing list