[Snort-users] [Snort-devel] blacklist file for reputation processor

Matthew Jonkman jonkman at ...15020...
Thu Jul 21 15:51:28 EDT 2011


Can we feed categories or anything in there, or is this just blocking?

Will a rule directive be coming so we can query reputation within a stream?

Thanks Steve!

Matt


On Jul 21, 2011, at 3:49 PM, Steven Sturges wrote:

> The preprocessor has a config setting to ignore RFC1918 addresses,
> so no need to whitelist.
> 
> Of course you can also blacklist your 192.168.1.1 router if
> you really want to.  ;)
> 
> -steve
> 
> On 7/21/11 3:40 PM, Will Metcalf wrote:
>> Perhaps you should white-list RFC1918 addresses as well; there are 10.
>> and 192.168. addresses in those lists. Emerging Threats has a list as
>> well.
>> 
>> http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
>> 
>> Regards,
>> 
>> Will
>> 
>> 2011/7/21 Alex Kirk<akirk at ...1935...>:
>>> There is a somewhat experimental IP blacklist available at
>>> http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
>>> are things that are touched by the VRT's malware farm - and while we've done
>>> some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
>>> simply importing those lists and blocking them wholesale would probably be a
>>> bad idea. I would suggest cross-referencing those lists with other IP
>>> reputation blacklists available on the Internet.
>>> Sourcefire is examining more "turn-key" list solutions for the future, but
>>> for the time being this experimental list is all we have available.
>>> 
>>> 2011/7/20 김무성<kimms at ...14610...>
>>>> 
>>>> Hello list.
>>>> 
>>>> I saw the release of snort-2.9.1 RC.
>>>> 
>>>> Some new functions have been added. It’s awesome.
>>>> 
>>>> One of them, the IP reputation processor, is a good idea.
>>>> 
>>>> But the important thing is a blacklist. A real blacklist.
>>>> 
>>>> Is there a blacklist that Sourcefire provides to the public?
>>>> 
>>>> Where can I get this list?
>>>> 
>>>> _______________________________________________
>>>> Snort-devel mailing list
>>>> Snort-devel at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Alex Kirk
>>> AEGIS Program Lead
>>> Sourcefire Vulnerability Research Team
>>> +1-410-423-1937
>>> alex.kirk at ...1935...
>>> 
>> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please see http://www.snort.org/docs for documentation


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
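Added example (not part of the original thread or of Snort): one way to act on the two suggestions quoted above, cross-referencing several IP lists and dropping RFC1918 entries before anything reaches a blacklist file. The feeds are constructed samples, and the `min_sources` threshold and one-entry-per-line output are assumptions for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample feeds; a real run would read the downloaded list files.
FEED_A = """\
# feed A (constructed)
203.0.113.7
198.51.100.0/24
192.168.1.1
10.0.0.5
"""
FEED_B = """\
203.0.113.7   # trailing comment
198.51.100.0/24
not-an-ip
"""
FEED_C = """\
203.0.113.7
192.0.2.44
192.168.1.1
"""

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_feed(text):
    """Return the set of valid IPv4 entries in one feed, skipping comments and junk."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            continue  # malformed line: ignore rather than abort the whole import
    return nets

def is_rfc1918(net):
    return any(net.subnet_of(private) for private in RFC1918)

def corroborated(feeds, min_sources=2):
    """Entries present in at least min_sources feeds, with RFC1918 space removed."""
    counts = Counter()
    for text in feeds:
        counts.update(parse_feed(text))  # a set per feed, so each feed votes once
    return sorted(n for n, c in counts.items()
                  if c >= min_sources and not is_rfc1918(n))

def render(nets):
    """One address or CIDR block per line (assumed blacklist file layout)."""
    return "\n".join(str(n.network_address) if n.prefixlen == 32 else str(n)
                     for n in nets)

if __name__ == "__main__":
    print(render(corroborated([FEED_A, FEED_B, FEED_C])))
```

Here 192.168.1.1 appears in two feeds and would pass the corroboration threshold on its own; only the RFC1918 filter keeps it out of the output.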







More information about the Snort-users mailing list