Snort mailing list archives
RE: HTML E-Mail Rule
From: "Gordon Cunningham" <gcunnin2 () bellsouth net>
Date: Wed, 22 Jan 2003 21:44:47 -0500
If the users are using the web site, they are most-likely sending HTML via forms and that is all you'll see. I believe you'll have to learn the <hotmail> destinations and filter on those. If they are using a mail client and hitting Hotmail via imap or pop3, you can filter on those. Probably add the destination for better filtering. Or you can do what we do - shut off access to all email-based web sites. Most companies that sell filter lists by category will have them listed. Proxy servers and/or firewalls will allow this. - Gordon -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mike Koponick Sent: Wednesday, January 22, 2003 8:50 PM To: snort-users () lists sourceforge net Subject: [Snort-users] HTML E-Mail Rule Hello Snort-Users! I've done a little research, but need would like to get the view of of the group. I have a requirement to see which nodes on the network are using HTML E-Mail (like Hotmail) outbound. Is there a rule out there that will "sniff" those packets? Thanks in advance, Mike ------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule header variables Jim Schwin (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)
- <Possible follow-ups>
- Re: Rule header variables Matt Kettler (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)
- Re: Rule header variables Matt Kettler (Jan 22)
- HTML E-Mail Rule Mike Koponick (Jan 22)
- Re: HTML E-Mail Rule Matt Kettler (Jan 22)
- RE: HTML E-Mail Rule Gordon Cunningham (Jan 22)
- Re: Rule header variables Erick Mechler (Jan 22)