[Snort-users] Reputation Preprocessor

Joel Esler jesler at ...1935...
Tue Sep 25 10:28:20 EDT 2012


On Sep 25, 2012, at 5:04 AM, Yonas Abebe <jonasabebe at ...11827...> wrote:

> Does the reputation preprocessor of Snort simply drops packets coming from/to IP addresses listed in black list file?

Yes.  The whitelist file tells Snort explicitly "Do not block these"

> Or do I have to create rules for those IP addresses in the the black list file? 

There should be two rules to uncomment in the preprocessor.rules file in order to make it work properly.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120925/c5c2935b/attachment.html>


More information about the Snort-users mailing list