Snort mailing list archives

Re: snort and proxy

From: Michael Boman <michael.boman () securecirt com>
Date: Fri, 07 Nov 2003 16:29:57 +0800

On Fri, 2003-11-07 at 16:59, nosnos wrote:

Hi,

I want to know if snort can store the ip of a destination if snort is 
bewind a proxy. For the moment, my snort can't see the destination 
because all request has the proxy's IP .... :( Is there a way to solve 
this problem ?

Moreover, i want snort to list all the URL that my network attemp to reach.

For example I have 3 pc connected and I want that snort make the 
followig list (in a database if possible)
(an example) :

- IP src                                     URL
10.150.1.20 (pc IP 1)              www.linux.org
10.150.1.20 (pc IP 1)              www.snort.org
10.150.1.20 (pc IP 1)              www.amazon.com
....
PS : i don't the IP dest because, an IP can be assigned for many site ....


thx a lot


I suggest that you should use your proxy server's logs to correlate the
event(s). Snort is not the right tool for this job.

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

snort and proxy nosnos (Nov 07)
- Re: snort and proxy Michael Boman (Nov 07)
  - Re: snort and proxy Sp0oKeR Labs (Nov 07)