this post was submitted on 10 May 2024
52 points (100.0% liked)
Free and Open Source Software
18021 readers
11 users here now
If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does Suricata or Snort allow the user to block per-process outgoing traffic?
Both do deep packet inspection using netflow protocol and filter using crowd sourced detection rules as well as commercial, process-level filtering on a host operating system to detect network intrusion is unecessarily resource intensive.
https://www.netgate.com/blog/suricata-vs-snort
ZenArmor does the same as both, but also uses python scripts with a fancy graphical interface.
Do people really run zenarmour, snort or suricate on their desktop?
Feels like a network firewall thing to do DPI for the whole house, instead of a per-machine thing.
Process-level filtering is to avoid exfiltration from environments where "all processes run as the same user, with full access to all other processes"... which, unfortunately, are still most of them.
DPI is nice to stop incoming attacks, and to detect suspicious outgoing traffic, but it's kind of late when the data is already on the wire, and you won't be able to stop all possible kinds of traffic that way.