[Snort-users] HTML E-Mail Rule

Gordon Cunningham gcunnin2 at ...163...
Wed Jan 22 18:45:03 EST 2003

If the users are using the web site, they are most-likely sending HTML via
forms and that is all you'll see.  I believe you'll have to learn the
<hotmail> destinations and filter on those.

If they are using a mail client and hitting Hotmail via imap or pop3, you
can filter on those.  Probably add the destination for better filtering.

Or you can do what we do - shut off access to all email-based web sites.
Most companies that sell filter lists by category will have them listed.
Proxy servers and/or firewalls will allow this.

- Gordon

 -----Original Message-----
From: 	snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]  On Behalf Of Mike Koponick
Sent:	Wednesday, January 22, 2003 8:50 PM
To:	snort-users at lists.sourceforge.net
Subject:	[Snort-users] HTML E-Mail Rule

Hello Snort-Users!

I've done a little research, but need would like to get the view of of the
group. I have a requirement to see which nodes on the network are using HTML
E-Mail (like Hotmail) outbound. Is there a rule out there that will "sniff"
those packets?

Thanks in advance,


This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list