[Snort-users] Fwd: IP Resolution

Joel Esler jesler at ...1935...
Fri Jun 1 09:50:51 EDT 2012


You can use the IP reputation preprocessor to alert and block on IPs from countries you don't want to receive/send traffic from.  We are in planning for a feature set around your request.

-- 
Joel Esler


On Friday, June 1, 2012 at 9:24 AM, Michael Brown wrote:

> 
> Thank you,
> 
> Michael A. Brown
> (Google Voice) (757) 912-0836
> B.S. Information Technology: Network Specialist
> A.A.S. Information Technology: Technical Support
> 
> "The only thing for the triumph of evil is for good men to do nothing" -Edmund Burke
> 
> 
> 
> ---------- Forwarded message ----------
> From: Michael Brown <mike.a.brown09 at ...11827... (mailto:mike.a.brown09 at ...11827...)>
> Date: Fri, Jun 1, 2012 at 9:24 AM
> Subject: IP Resolution
> To: snort-users at ...3893... (mailto:snort-users at ...3893...)
> 
> 
> I was wondering how I could set up snort or a script to take a set of IP addresses and resolve them so I can see what country the alerts are being generated through and then have them updated in a new column within the database? Ultimately I would like to get show the country's flag but I can work that out later. Any suggestions would be great or is this even possible? 
> 
> Thanks
> 
> Thank you,
> 
> Michael A. Brown
> (Google Voice) (757) 912-0836 (tel:%28757%29%20912-0836)
> B.S. Information Technology: Network Specialist
> A.A.S. Information Technology: Technical Support
> 
> "The only thing for the triumph of evil is for good men to do nothing" -Edmund Burke
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net (mailto:Snort-users at lists.sourceforge.net)
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news! 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120601/fbb14105/attachment.html>


More information about the Snort-users mailing list