[Snort-users] VRT Domain name lists

snort user snort.user at ...11827...
Wed Jul 27 14:56:04 EDT 2011


In the roadmap ahead, will IP reputation remain purely IP or will be
extended for domain names, or is it too early to say?

Thanks

On Tue, Jul 26, 2011 at 6:35 PM, Joel Esler <jesler at ...1935...> wrote:
> Snort 2.9.1 beta has an IP reputation preprocessor that is in development form.  We are not publishing a "blacklist" for import into Snort at this time.
>
> I suggest a read of:
>
> http://vrt-blog.snort.org/2011/02/blacklistrules-clamav-and-data-mining.html
>
>
> Joel
>
> On Jul 26, 2011, at 6:23 PM, snort user wrote:
>
>> http://labs.snort.org/iplists/
>>
>> There are several lists of domain name (blacklists?) in the above
>> repo. Is there a mechanism in snort to use this? Are there any other
>> program that consumes this in order to detect malicious dns queries?
>>
>>
>> Thanks
>>
>> ------------------------------------------------------------------------------
>> Got Input?   Slashdot Needs You.
>> Take our quick survey online.  Come on, we don't ask for help often.
>> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
>> http://p.sf.net/sfu/slashdot-survey
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please see http://www.snort.org/docs for documentation
>
>




More information about the Snort-users mailing list