[Snort-users] Outbound Information Filter?

Erek Adams erek at ...950...
Mon Sep 15 09:29:04 EDT 2003


On Sun, 14 Sep 2003, Ratty wrote:

> Hey guys, Im looking for information. I was told snort could fill my need
> for an outbound packet filter, and im interested to know if it can do what
> im looking for, and how to go about implimenting rules to do this. I have an
> old FreeBSD box that i run as a router/firewall (routed/ipfw) and im
> wondering if there are rules for snort i can use that will drop outbound
> packets (or replace information in them) if they contain certain data, such
> as a phone number or credit card number. Just to filter outbound information
> to thwart any unintentional transmission of data. Can snort do this, and
> what would be an example rule to replace all packets that contain
> 123-456-7890 with another phone number such as 321-654-0987.

You can't do it with Snort.  Snort is a Network based Intrusion Detction
System.

You can however do it with Snort-inline or Hogwash.  They are Gateway IDS
style programs.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list