[Snort-devel] blacklist file for reputation processor

Will Metcalf william.metcalf at ...2499...
Thu Jul 21 15:59:45 EDT 2011


> The preprocessor has a config setting to ignore RFC1918 addresses,
> so no need to whitelist.

Ahh indeed and is disabled by default, unless you toggle scan_local.
/me runs off to RTFM with a side of humble pie.

Regards,

Will

2011/7/21 Steven Sturges <ssturges at ...402...>:
> The preprocessor has a config setting to ignore RFC1918 addresses,
> so no need to whitelist.
>
> Of course you can also blacklist your 192.168.1.1 router if
> you really want to.  ;)
>
> -steve
>
> On 7/21/11 3:40 PM, Will Metcalf wrote:
>> Perhaps you should white-list RFC1918 addresses as well there are 10.
>> and 192.168. addy's in those lists. Emerging Threats has a list as
>> well..
>>
>> http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
>>
>> Regards,
>>
>> Will
>>
>> 2011/7/21 Alex Kirk<akirk at ...402...>:
>>> There is a somewhat experimental IP blacklist available at
>>> http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
>>> are things that are touched by the VRT's malware farm - and while we've done
>>> some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
>>> simply importing those lists and blocking them wholesale would probably be a
>>> bad idea. I would suggest cross-referencing those lists with other IP
>>> reputation blacklists available on the Internet.
>>> Sourcefire is examining more "turn-key" list solutions for the future, but
>>> for the time being this experimental list is all we have available.
>>>
>>> 2011/7/20 김무성<kimms at ...3084...>
>>>>
>>>> Hello list.
>>>>
>>>> I saw that release snort-2.9.1 RC.
>>>>
>>>> There are some new function that added. It's awesome.
>>>>
>>>> One of them, ip reputation processor, it's good idea.
>>>>
>>>>
>>>>
>>>> But important thing is a blacklist. Real blacklist.
>>>>
>>>> Is there a blacklist which sourcefire provide to public?
>>>>
>>>> Where can I get this list?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> 10 Tips for Better Web Security
>>>> Learn 10 ways to better secure your business today. Topics covered
>>>> include:
>>>> Web security, SSL, hacker attacks&  Denial of Service (DoS), private keys,
>>>> security Microsoft Exchange, secure Instant Messaging, and much more.
>>>> http://www.accelacomm.com/jaw/sfnl/114/51426210/
>>>> _______________________________________________
>>>> Snort-devel mailing list
>>>> Snort-devel at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>
>>>
>>>
>>>
>>> --
>>> Alex Kirk
>>> AEGIS Program Lead
>>> Sourcefire Vulnerability Research Team
>>> +1-410-423-1937
>>> alex.kirk at ...402...
>>>
>>> ------------------------------------------------------------------------------
>>> 5 Ways to Improve&  Secure Unified Communications
>>> Unified Communications promises greater efficiencies for business. UC can
>>> improve internal communications as well as offer faster, more efficient ways
>>> to interact with customers and streamline customer service. Learn more!
>>> http://www.accelacomm.com/jaw/sfnl/114/51426253/
>>> _______________________________________________
>>> Snort-devel mailing list
>>> Snort-devel at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> 5 Ways to Improve&  Secure Unified Communications
>> Unified Communications promises greater efficiencies for business. UC can
>> improve internal communications as well as offer faster, more efficient ways
>> to interact with customers and streamline customer service. Learn more!
>> http://www.accelacomm.com/jaw/sfnl/114/51426253/
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>




More information about the Snort-devel mailing list