[Snort-users] [Snort-devel] blacklist file for reputation processor

Steven Sturges ssturges at ...1935...
Thu Jul 21 15:49:22 EDT 2011


The preprocessor has a config setting to ignore RFC1918 addresses,
so no need to whitelist.

Of course you can also blacklist your 192.168.1.1 router if
you really want to.  ;)

-steve

On 7/21/11 3:40 PM, Will Metcalf wrote:
> Perhaps you should whitelist RFC1918 addresses as well; there are 10.
> and 192.168. addresses in those lists. Emerging Threats has a list as
> well.
> 
> http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
> 
> Regards,
> 
> Will
> 
> 2011/7/21 Alex Kirk <akirk at ...1935...>:
>> There is a somewhat experimental IP blacklist available at
>> http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
>> are things that are touched by the VRT's malware farm - and while we've done
>> some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
>> simply importing those lists and blocking them wholesale would probably be a
>> bad idea. I would suggest cross-referencing those lists with other IP
>> reputation blacklists available on the Internet.
>> Sourcefire is examining more "turn-key" list solutions for the future, but
>> for the time being this experimental list is all we have available.
>>
>> 2011/7/20 김무성 <kimms at ...14610...>
>>>
>>> Hello list.
>>>
>>> I saw the release of snort-2.9.1 RC.
>>>
>>> There are some new functions that were added. It's awesome.
>>>
>>> One of them, the IP reputation processor, is a good idea.
>>>
>>> But the important thing is a blacklist. A real blacklist.
>>>
>>> Is there a blacklist which Sourcefire provides to the public?
>>>
>>> Where can I get this list?
>>>
>>> _______________________________________________
>>> Snort-devel mailing list
>>> Snort-devel at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>
>>
>>
>>
>> --
>> Alex Kirk
>> AEGIS Program Lead
>> Sourcefire Vulnerability Research Team
>> +1-410-423-1937
>> alex.kirk at ...1935...
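Added example, not part of the original thread: a Python script for the cross-referencing Alex Kirk suggests, keeping only entries that at least two feeds agree on and dropping RFC1918 addresses as Will Metcalf suggests. The feed contents, function names and the two-source threshold are assumptions made for illustration; it writes one IP or CIDR per line.

```python
import ipaddress

# RFC1918 private ranges; anything touching them is dropped from the output.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample feeds (documentation and private ranges only).
FEED_A = """# constructed sample feed A
203.0.113.5
198.51.100.0/24
192.168.1.1
10.20.30.40   # private address that leaked into the feed
not-an-ip
"""
FEED_B = "203.0.113.0/24\n198.51.100.77\n192.168.1.1\n192.0.2.9\n"
FEED_C = "203.0.113.5\n192.0.2.10\n"

def parse_feed(text):
    """Parse one feed: an IPv4 address or CIDR per line, '#' starts a comment.
    Malformed lines are skipped rather than aborting the whole import."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue
        if net.version == 4:
            nets.add(net)
    return nets

def build_blocklist(feeds, min_sources=2):
    """Keep an entry only if min_sources feeds list it or a network covering it.
    A broad CIDR seen in one feed is not promoted by a single host elsewhere."""
    parsed = [parse_feed(text) for text in feeds]
    keep = set()
    for net in set().union(*parsed):
        if any(net.overlaps(private) for private in RFC1918):
            continue
        sources = sum(any(net.subnet_of(m) for m in feed) for feed in parsed)
        if sources >= min_sources:
            keep.add(net)
    return [str(n.network_address) if n.prefixlen == 32 else str(n)
            for n in sorted(keep)]

if __name__ == "__main__":
    print("\n".join(build_blocklist([FEED_A, FEED_B, FEED_C])))
```
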