Newbie - can Snort alert me to outgoing traffic?

Newbie - can Snort alert me to outgoing traffic?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Newbie - can Snort alert me to outgoing traffic? joe 11-30-2004
Posted by joe on November 30, 2004, 2:00 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I have an iMac G3 at home hooked up to a cable modem. I¹m concerned about
apps or spyware that might be connecting to the internet without my
knowledge. I¹ve got Snort running (via Henwen, a mac gui for snort) and
would like to configure it to alert me to any outgoing network requests.
There is a mac utility called Little Snitch that does this, but I was
wondering if Snort will do this too.

Is there a Snort rule that might do this? I have a VERY minimal
understanding of Snort and NIDS. Thanks in advance...



Posted by Wolfgang Kueter on November 30, 2004, 11:29 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
joe wrote:

> I have an iMac G3 at home hooked up to a cable modem. I¹m concerned about
> apps or spyware that might be connecting to the internet without my
> knowledge.

man netstat. Apart from that: Why do you install/runsoftware, you don't
trust?

> I¹ve got Snort running (via Henwen, a mac gui for snort) and
> would like to configure it to alert me to any outgoing network requests.

A gateway is a much better place for a snort sensor.

> Is there a Snort rule that might do this?

There are many rules, that can do this. It depends on the configuration of
the sensor. Again: A gateway between your box and the other network
(probably the internet) is the much better place for the sensor.

> I have a VERY minimal understanding of Snort and NIDS.

Reading the documentation on http://www.snort.org might help.

Wolfgang


Similar ThreadsPosted
Block Outgoing Traffic Only October 21, 2007, 10:41 pm
URGENT - Logs - outgoing 443 traffic November 16, 2004, 9:50 am
ICMP 3 & 11 incoming but no outgoing traffic September 14, 2005, 12:48 am
Simple method to block outgoing traffic April 17, 2006, 4:40 pm
Watchguard Firebox 5x blocking outgoing traffic. May 14, 2006, 7:36 pm
What's the point of not allowing all outgoing traffic by default? May 24, 2007, 1:13 am
[Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall? March 25, 2005, 11:12 am
Snort November 23, 2004, 8:21 am
Shorewall + SNORT November 9, 2006, 4:23 pm
Help! Snort - way outside my knowledge, I am attacking! April 1, 2007, 1:06 pm

The site map in XML format XML site map

Contact Us | Privacy Policy