Snort mailing list archives
Re: spyware
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 15 Jan 2005 23:20:06 +0100
On Fri, 14 Jan 2005 at 19:10, Joe Giles wrote:
> Miner, Jonathan W (CSC) (US SSA) wrote:
>> Yes, I've found that the bleedingsnort.com rules have been very effective at detecting spyware.
>>
>> -----Original Message-----
>> From: spiv007 [mailto:spiv007 () gmail com]
>> Sent: Tuesday, January 11, 2005 1:54 PM
>> To: Snort-users () lists sourceforge net
>> Subject: [Snort-users] spyware
>>
>> Can I use snort to detect spyware, viruses, and spam on my network?
>>
>> -------------------------------------------------------
>> The SF.Net email is sponsored by: Beat the post-holiday blues
>> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
>> It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users () lists sourceforge net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Isn't there a Snort app that will work with your firewall (iptables) that will detect a problem and drop the packet before it gets to your machine? I seem to remember seeing something like that once. This would be great for spyware, malware, and viruses; among other intrusions.
>
> Joe

Yes, you can use iptables -j QUEUE and snort-inline to do this, it works quite well.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
