[Snort-users] VRT Domain name lists

Joel Esler jesler at ...1935...
Wed Jul 27 16:56:52 EDT 2011


It's too early to say.


On Jul 27, 2011, at 2:56 PM, snort user wrote:

> In the roadmap ahead, will IP reputation remain purely IP or will it be
> extended for domain names, or is it too early to say?
> 
> Thanks
> 
> On Tue, Jul 26, 2011 at 6:35 PM, Joel Esler <jesler at ...1935...> wrote:
>> Snort 2.9.1 beta has an IP reputation preprocessor that is in development form.  We are not publishing a "blacklist" for import into Snort at this time.
>> 
>> I suggest a read of:
>> 
>> http://vrt-blog.snort.org/2011/02/blacklistrules-clamav-and-data-mining.html
>> 
>> 
>> Joel
>> 
>> On Jul 26, 2011, at 6:23 PM, snort user wrote:
>> 
>>> http://labs.snort.org/iplists/
>>> 
>>> There are several lists of domain names (blacklists?) in the above
>>> repo. Is there a mechanism in Snort to use this? Are there any other
>>> programs that consume this in order to detect malicious DNS queries?
>>> 
>>> 
>>> Thanks
>>> 
>> 
>> 




