[Snort-users] Outbound Information Filter?
erek at ...950...
Mon Sep 15 09:29:04 EDT 2003
On Sun, 14 Sep 2003, Ratty wrote:
> Hey guys, Im looking for information. I was told snort could fill my need
> for an outbound packet filter, and im interested to know if it can do what
> im looking for, and how to go about implimenting rules to do this. I have an
> old FreeBSD box that i run as a router/firewall (routed/ipfw) and im
> wondering if there are rules for snort i can use that will drop outbound
> packets (or replace information in them) if they contain certain data, such
> as a phone number or credit card number. Just to filter outbound information
> to thwart any unintentional transmission of data. Can snort do this, and
> what would be an example rule to replace all packets that contain
> 123-456-7890 with another phone number such as 321-654-0987.
You can't do it with Snort. Snort is a Network based Intrusion Detction
You can however do it with Snort-inline or Hogwash. They are Gateway IDS
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users