[Snort-users] Blocking Domain name like example.com

Ayodele Okeowo aymacro at ...11827...
Mon Dec 23 14:27:15 EST 2013


Thanks Waldo. I'll give it a try today and let you know before by Friday.

Happy Holidays!

Ayo


On Mon, Dec 23, 2013 at 2:18 PM, waldo kitty <wkitty42 at ...14940...>wrote:

> On 12/23/2013 8:50 AM, Ayodele Okeowo wrote:
> > Yes, existing DNS rules which alert based on domain names. I don't seem
> to
> > find that in my list of rules.
>
> you are probably using only the VRT rules, then... i believe you will find
> something similar to what you are looking for in the emergingthreats rules
> sets...
>
> start here http://rules.emergingthreats.net/open/snort-2.9.0/rules/ and
> look in
> the dns rules set... then search for "query for suspicious" for examples
> you
> should be able to clone and modify for your specific needs... one domain
> per
> rule gives the best granularity ;)
>
> > Also How do I use it if I find it?
>
> just like any other of the text based rules...
>
> > Can it be used just like when I'm using the whitelist/blacklist rules?
>
> not that i'm aware of...
>
> >
> > Sorry I couldn't reply early.
>
> not a problem ;)
>
> > Ayo
> >
> >
> > On Sat, Dec 21, 2013 at 6:31 PM, waldo kitty <wkitty42 at ...14940...>
> > wrote:
> >
> > On 12/21/2013 10:56 AM, Ayodele Okeowo wrote:
> >> Hello guys,
> >>
> >> Is there a way to build a list of website names to be blocked by Snort?
> Or
> >>  I should just included the domain names within my alert or drop rules?
> >
> > do you mean something like existing DNS rules that alert based on domain
> > names used for know malware distribution? ;)
>
> --
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131223/77ab75f1/attachment.html>


More information about the Snort-users mailing list