Snort mailing list archives
RE: [Snort-sigs] capture email
From: "Snort" <Snort () intercept net>
Date: Tue, 4 Nov 2003 09:20:28 -0500
Well it depends on how much control you have on your network plus how you want to capture it. My thought is to capture the packets/trigger an alert when a user uses the web-based e-mail service and to have the e-mail server send a copy of the e-mails being sent to the teacher to another e-mail box for analysis/research.

I am kind of lost though, what are you trying to accomplish? Are you trying to just capture e-mails, set up IDS to alert you when a specified email address is received by your server, or find out which student and from where is sending these e-mails?

Most of this you really don't need IDS, just email server logging and a copy of the e-mails, then you can track back to the provider and have them look for which IP address it came from, who it is registered to, when they registered and from where. Etc etc.

Michael

-----Original Message-----
From: Ricardo Londono [mailto:rlondono () ccisd net]
Posted At: Monday, November 03, 2003 12:38 PM
Posted To: Snort
Conversation: [Snort-sigs] capture email
Subject: [Snort-sigs] capture email

I saw the following question in the archives and was wondering if this is possible? I work for a school district and we have a student sending threats via email to a teacher. The student is using web-based email...

***************************************************************
EMAIL FROM James...

"Wouldn't it be nice to be able to capture an _entire SMTP session_ based on a key word embedded somewhere in the SMTP message? This could easily be used to look for messages with a specific email address on them, with a specific key word inside them, etc. Anyone want to write an SMTP protocol handler?"
***************************************************************

I'm interested in capturing email from a specific email.

thanks for any help.

Ricardo Londoño

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
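The reply above suggests working from mail server records and a saved copy of the message, then tracing back to the provider. As an added example (not part of the thread), this Python sketch pulls the facts a provider's abuse desk would need out of a saved message, trusting only the Received hop written by your own mail exchanger. The host names, addresses, the `trace` helper and the presence of an `X-Originating-IP` header are assumptions, and the sample message is constructed.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not from the thread); hosts/IPs are documentation placeholders.
SAMPLE = """\
Received: from mx.school.example (mx.school.example [192.0.2.10])
\tby mailstore.school.example with ESMTP id A1; Mon, 3 Nov 2003 10:15:09 -0600
Received: from out7.webmail.example (out7.webmail.example [198.51.100.25])
\tby mx.school.example with ESMTP id B2; Mon, 3 Nov 2003 10:15:07 -0600
Received: from [203.0.113.77] by web3.webmail.example via HTTP;
\tMon, 03 Nov 2003 16:15:05 GMT
X-Originating-IP: [203.0.113.77]
Message-ID: <constructed-0001@webmail.example>
From: someone@webmail.example
To: teacher@school.example
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<frm>.+?)\s+by\s+(?P<by>\S+)", re.S)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace(raw, trusted_mx):
    """Collect trace-back facts, anchored on the hop our own MX recorded."""
    msg = message_from_string(raw)
    report = {"message_id": msg["Message-ID"], "relay_ip": None,
              "relay_time_utc": None, "claimed_client_ip": None}
    for hdr in msg.get_all("Received", []):          # newest hop first
        info, _, stamp = hdr.rpartition(";")
        hop = HOP.search(info)
        if hop and hop.group("by").lower() == trusted_mx.lower():
            ip = IPV4.search(hop.group("frm"))
            report["relay_ip"] = ip.group(1) if ip else None
            when = parsedate_to_datetime(stamp.strip())
            report["relay_time_utc"] = when.astimezone(timezone.utc).isoformat()
            break
    # Headers below our own hop were written by the sending side: treat the
    # client address as a claim that only the provider's logs can confirm.
    claimed = IPV4.search(msg.get("X-Originating-IP", ""))
    report["claimed_client_ip"] = claimed.group(1) if claimed else None
    return report

if __name__ == "__main__":
    print(trace(SAMPLE, "mx.school.example"))
```

The relay address, UTC timestamp and Message-ID from the trusted hop are what the provider can match against its own logs.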