[Snort-devel] [Snort-users] Updated IP Blacklisting patch (version 2)
roesch at ...402...
Tue Jun 16 09:44:47 EDT 2009
I haven't tried it with 2.8.5 yet, I'll try it out and see what happens RSN.
On Tue, Jun 16, 2009 at 2:00 AM, Luis Daniel Lucio Quiroz <luis.daniel.lucio at ...2499...> wrote:
> On Monday 8 June 2009 17:12:06, Martin Roesch wrote:
>> Hey everyone,
>> I had 9 hours to kill flying back to Europe this weekend so I updated
>> the IP Blacklisting patch and it's now available. You can get it
>> What's new?
>> I rewrote the config loader and the event generation code to support
>> named blacklists and loading IP lists from external files. With these
>> two mods you now get the blacklist name included in the event messages
>> when a banned IP tries to access the network AND you can load however
>> many blacklisted IPs you like, potentially hundreds of thousands (at
>> least). Check out the README.iplist file that comes with it for
>> config instructions. Note that whitelists do NOT take names, they're
>> just exceptions to the blacklist anyway.
>> As per usual, this has received minimal testing and NO performance
>> testing. May cause cramping, bowel discomfort and spontaneous
>> decapitation, use at your own risk, your mileage may vary, etc. It's
>> a small piece of code but I may have missed something, feel free to
>> send feedback and I'll fix it if you find anything seriously broken.
>> I still haven't done flexresp-style session sniping nor does it load
>> IPv6 addresses yet. Maybe in v3.
> Have you tried it with 2.8.5 beta?
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org