Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Time filtering in Snort

From: wkitty42 () windstream net
Date: Mon, 13 Nov 2017 19:11:14 -0500
On 11/13/2017 05:44 PM, Joel Esler (jesler) via Snort-users wrote:

Please keep traffic on list.

Sent from my iPhone

On Nov 13, 2017, at 3:44 PM, Naas Si Ahmed <naas.si.ahmed () gmail com> wrote:


Thank you,
Well, I'm trying to prevent my users not to use some sites during the working time ( all days but friday ).
then do that where it should be done... in the firewall, web proxy or possibly your DNS server... for example DNSMASQ can easily do this and you might simply change out the blocked conf with the unblocked by cron... 


eg:
# dnsmasq.conf for [redacted]
[...]
# block these domains with NXDOMAIN
server=/example.com/
server=/facebook.com/
server=/fbcdn.net/
server=/fbcdn.com/
server=/facebook.net/
you can even redirect these requests to your own dedicated web server with a page informing the employee/individual of the blockage, why it is being blocked and possibly also noting that their attempted access has been tallied with reminder that too many tallies may result in remediation of some sort (eg: one day off without pay for 1st offense, one week off without pay for 2nd offense, no job for 3rd offense)...
let's just say that it completely stopped the mess "over here" *BUT* this was done only to reinforce corporate policy as stated in the employee handbook... without corporate policy in place, things might not be as easy to swing...
let's also not forget that social problems cannot be fought or dealt with via electronic means... social problems, like failing to follow the rules, require other means of enforcement and penalty... 

YMMV

--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Previous By Date Next
Previous By Thread Next

Current thread: