[Snort-users] [Snort-devel] blacklist file for reputation processor

Will Metcalf william.metcalf at ...11827...
Thu Jul 21 15:40:51 EDT 2011


Perhaps you should white-list RFC1918 addresses as well there are 10.
and 192.168. addy's in those lists. Emerging Threats has a list as
well..

http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

Regards,

Will

2011/7/21 Alex Kirk <akirk at ...1935...>:
> There is a somewhat experimental IP blacklist available at
> http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
> are things that are touched by the VRT's malware farm - and while we've done
> some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
> simply importing those lists and blocking them wholesale would probably be a
> bad idea. I would suggest cross-referencing those lists with other IP
> reputation blacklists available on the Internet.
> Sourcefire is examining more "turn-key" list solutions for the future, but
> for the time being this experimental list is all we have available.
>
> 2011/7/20 김무성 <kimms at ...14610...>
>>
>> Hello list.
>>
>> I saw that release snort-2.9.1 RC.
>>
>> There are some new function that added. It’s awesome.
>>
>> One of them, ip reputation processor, it’s good idea.
>>
>>
>>
>> But important thing is a blacklist. Real blacklist.
>>
>> Is there a blacklist which sourcefire provide to public?
>>
>> Where can I get this list?
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> 10 Tips for Better Web Security
>> Learn 10 ways to better secure your business today. Topics covered
>> include:
>> Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
>> security Microsoft Exchange, secure Instant Messaging, and much more.
>> http://www.accelacomm.com/jaw/sfnl/114/51426210/
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>
>
>
> --
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935...
>
> ------------------------------------------------------------------------------
> 5 Ways to Improve & Secure Unified Communications
> Unified Communications promises greater efficiencies for business. UC can
> improve internal communications as well as offer faster, more efficient ways
> to interact with customers and streamline customer service. Learn more!
> http://www.accelacomm.com/jaw/sfnl/114/51426253/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>




More information about the Snort-users mailing list