[Snort-users] HTML E-Mail Rule
gcunnin2 at ...163...
Wed Jan 22 18:45:03 EST 2003
If the users are using the web site, they are most-likely sending HTML via
forms and that is all you'll see. I believe you'll have to learn the
<hotmail> destinations and filter on those.
If they are using a mail client and hitting Hotmail via imap or pop3, you
can filter on those. Probably add the destination for better filtering.
Or you can do what we do - shut off access to all email-based web sites.
Most companies that sell filter lists by category will have them listed.
Proxy servers and/or firewalls will allow this.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mike Koponick
Sent: Wednesday, January 22, 2003 8:50 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] HTML E-Mail Rule
I've done a little research, but need would like to get the view of of the
group. I have a requirement to see which nodes on the network are using HTML
E-Mail (like Hotmail) outbound. Is there a rule out there that will "sniff"
Thanks in advance,
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users