[Snort-users] Snort on proxy (outbound alerts)

T. R joga3.web at ...11827...
Fri Jan 18 13:51:22 EST 2013


I cannot run a transparent proxy.

You got it, I want to be alerted about my LAN.
Already thought about BPF filters, but what you are forgetting, is that
some rules are made to match on some DESTINATIONS. In my case, the
destination for my clients' HTTP traffic will always be my proxy.
Something interesting, would be if snort could look at the CONNECT method
in my HTTP requests (for example).

T.

2013/1/18 waldo kitty <wkitty42 at ...14940...>

> On 1/18/2013 06:50, J. H wrote:
> > Hi,
> >
> > Thank you for answering.
> >
> > Only one interface on my proxy machine.
> >
> > SQUID/Snort listenin on the same one.
>
> some might consider that to be part of the problem... it sounds like what
> you
> want is for snort to be listening only to your internal machines... you
> might be
> able to use a bpf to block out alerts concerning your proxy...
>
>
>
>
> ------------------------------------------------------------------------------
> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> much more. Get web development skills now with LearnDevNow -
> 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122812
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130118/dd0da36f/attachment.html>


More information about the Snort-users mailing list