Newbie - can Snort alert me to outgoing traffic?

I have an iMac G3 at home hooked up to a cable modem. I'm concerned about apps or spyware that might be connecting to the internet without my knowledge. I've got Snort running (via Henwen, a mac gui for snort) and would like to configure it to alert me to any outgoing network requests. There is a mac utility called Little Snitch that does this, but I was wondering if Snort will do this too.

Is there a Snort rule that might do this? I have a VERY minimal understanding of Snort and NIDS. Thanks in advance...

Reply to
joe

in article cois6r$8mr$ snipped-for-privacy@news.shlink.de, Wolfgang Kueter at snipped-for-privacy@shconnect.de wrote on 11/30/04 4:29 PM:

My wife and kids use this machine for recreation & school etc., and it's always on. I don't have the time or the desire to monitor everything they download. I just want to keep the machine from turning into a spambot.

I don't want to install additional hardware if I can avoid it.

I tried that. It is not user-friendly for someone with a minimal understanding of NIDS. I'm just looking for a fast/easy solution. I didn't think a traffic monitor would be so difficult to configure for a newbie.

Reply to
joe

man netstat. Apart from that: Why do you install/run software you don't trust?

A gateway is a much better place for a snort sensor.

There are many rules that can do this. It depends on the configuration of the sensor. Again: A gateway between your box and the other network (probably the internet) is the much better place for the sensor.

Reading the documentation on

formatting link
might help.

Wolfgang

Reply to
Wolfgang Kueter
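Editor's added example, not part of any post in this thread: a minimal set of local Snort 2.x rules of the kind the reply above alludes to, alerting on connections that the monitored host itself initiates. The address 192.168.1.10, the message texts, the thresholds and the sid values are constructed assumptions; adjust HOME_NET to the machine's real address.

```snort
# local.rules (added example; all values below are assumptions)
# Assumption: the iMac's address is 192.168.1.10. On a cable modem the
# address is usually assigned by DHCP, so check it and update it when it changes.
var HOME_NET 192.168.1.10/32
var EXTERNAL_NET !$HOME_NET

# Any new outbound TCP connection: a packet with only SYN set leaving the host.
# "type limit" logs at most one alert per destination per 60 seconds, so a
# browser opening many connections to one site does not flood the alert file.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL outbound TCP connection attempt"; flags:S; threshold:type limit, track by_dst, count 1, seconds 60; sid:1000001; rev:1;)

# Spambot indicator: repeated outbound connections to SMTP (port 25).
# "type threshold" alerts on every 5th attempt from this host within 60
# seconds; a desktop that sends mail through one ISP relay rarely does this.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"LOCAL repeated outbound SMTP connections"; flags:S; threshold:type threshold, track by_src, count 5, seconds 60; sid:1000002; rev:1;)

# Outbound UDP to anything other than DNS (port 53), rate limited per destination.
alert udp $HOME_NET any -> $EXTERNAL_NET !53 (msg:"LOCAL outbound non-DNS UDP"; threshold:type limit, track by_dst, count 1, seconds 60; sid:1000003; rev:1;)
```

Rule 1000001 fires for every web page, mail check and software update, so its output is an inventory of destinations to review rather than a list of incidents; rule 1000002 is the one tied to the spambot concern raised in the thread.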

Which OS version are you running on the box? Actually you are quite on the safe side since you do not use Windows, the leading platform for automatic malware replication.

A NIDS is definitely _not_ a tool for beginners.

There is no easy solution for intrusion detection, because intrusion detection is a complex and difficult matter. If you like I can give you access to a web server that shows snort logs. If you are able to explain and comment every incident logged, you are allowed to install and use such a tool.

While the configuration _might_ be possible for a beginner, the interpretation of the output _is_ certainly not.

Wolfgang

Reply to
Wolfgang Kueter

10.3.6. I guess I'm not too worried about problems since macs are historically pretty safe. I just want to stay ahead of the game.

So I've discovered.

Thanks Wolfgang, but I don't think that will be necessary. If I really want to use Snort I'm going to have to decide if I want to invest time into figuring out how to decipher the logs first.

I guess there are no "quick & easy solutions." The few alerts that I've gotten from snort so far have been somewhat cryptic anyway. Thanks for your help, Wolfgang.

Reply to
Joe
