Snort mailing list archives
Determining remote proxy servers using snort.
From: fatema bannatwala <fatema.bannatwala () gmail com>
Date: Fri, 29 Jul 2016 14:18:44 -0400
Hi, Recently we have seen an uptick in use of proxy servers to login to the accounts from people living in China. And since the connection appears to come from US based IP address (probably a proxy) they go un-flagged by the IDS/IPS devices, as they see normal logins from United States IP addresses. So my question is, is there a way to determine that the incoming connection from an IP is actually a proxy server's IP, by looking at some unique patterns in data collected by IDS/IPS devices? and if so can we do it using snort? Thanks, Fatema.
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Determining remote proxy servers using snort. fatema bannatwala (Jul 29)