[Snort-devel] blacklist file for reputation processor

Alex Kirk akirk at ...402...
Thu Jul 21 15:24:22 EDT 2011

There is a somewhat experimental IP blacklist available at
http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
are things that are touched by the VRT's malware farm - and while we've done
some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
simply importing those lists and blocking them wholesale would probably be a
bad idea. I would suggest cross-referencing those lists with other IP
reputation blacklists available on the Internet.

Sourcefire is examining more "turn-key" list solutions for the future, but
for the time being this experimental list is all we have available.

2011/7/20 김무성 <kimms at ...3084...>

> Hello list.****
> I saw that release snort-2.9.1 RC.****
> There are some new function that added. It’s awesome.****
> One of them, ip reputation processor, it’s good idea.****
> ** **
> But important thing is a blacklist. Real blacklist.****
> Is there a blacklist which sourcefire provide to public?****
> Where can I get this list?****
> ** **
> ** **
> ------------------------------------------------------------------------------
> 10 Tips for Better Web Security
> Learn 10 ways to better secure your business today. Topics covered include:
> Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
> security Microsoft Exchange, secure Instant Messaging, and much more.
> http://www.accelacomm.com/jaw/sfnl/114/51426210/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel

Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
alex.kirk at ...402...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110721/62040f7c/attachment.html>

More information about the Snort-devel mailing list