Snort mailing list archives

Determining remote proxy servers using snort.


From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Fri, 29 Jul 2016 14:18:44 -0400

Hi,

Recently we have seen an uptick in the use of proxy servers to log in to the
accounts from people living in China. And since the connection appears to
come from a US-based IP address (probably a proxy), they go unflagged by the
IDS/IPS devices, as they see normal logins from United States IP addresses.
So my question is, is there a way to determine that the incoming connection
from an IP is actually a proxy server's IP, by looking at some unique
patterns in data collected by IDS/IPS devices? And if so, can we do it using
Snort?

Thanks,
Fatema.