[Snort-users] Need an efficient way to generate rules for URL Filtering
Rodgers, Anthony (DTMB)
RodgersA1 at ...17120...
Sat Mar 21 13:01:20 EDT 2015
I’m not sure that Snort is the best tool for this – have you considered a DNS blackhole?
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security
From: Rishabh Shah [mailto:rishabh420 at ...11827...]
Sent: Friday, March 20, 2015 08:05
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Need an efficient way to generate rules for URL Filtering
Hi Snort Team,
Hope you are doing well.
I have a database of 1000 URLs that I want to block using Snort. Do I need to create 1000 separate rules to block each of them? Wouldn't there be a performance hit if I have a separate rule for each one of them (consider my database increases to 10K URLs)? Any alternatives that could achieve my aim?
FYI, this is how my rule looks today:
reject tcp any any -> any any (msg:"Blacklisted URL"; content:"youtube.com"; http_uri; react: msg;)
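The DNS blackhole suggested in the reply, as an added example that is not part of the original thread: it reduces a URL list to unique hostnames and emits dnsmasq `address=` lines. The choice of dnsmasq as the resolver, the `0.0.0.0` sink, the function names and the sample entries are assumptions; DNS blocking works per host, so URL paths are discarded.

```python
from urllib.parse import urlsplit

# Constructed sample entries, standing in for the poster's URL database.
SAMPLE_URLS = [
    "http://youtube.com/watch?v=abc", "https://www.YouTube.com/",
    "m.youtube.com", "http://example.org:8080/path",
    "ftp://files.example.net/pub", "not a url", "",
]

def host_of(entry):
    """Return the lowercase hostname of a URL or bare host, else None."""
    entry = entry.strip()
    if not entry or " " in entry:
        return None
    if "://" not in entry:
        entry = "//" + entry  # make urlsplit parse a bare host as netloc
    try:
        host = urlsplit(entry).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    host = (host or "").rstrip(".").lower()
    return host if "." in host else None

def collapse(hosts):
    """Drop hosts whose parent domain is also listed (dnsmasq's
    address=/domain/ entry already matches every subdomain)."""
    hosts = set(hosts)
    kept = []
    for h in sorted(hosts):
        labels = h.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & hosts:
            kept.append(h)
    return kept

def dnsmasq_blackhole(urls, sink="0.0.0.0"):
    """Return dnsmasq config lines that resolve each listed host to sink."""
    hosts = [h for h in map(host_of, urls) if h]
    return ["address=/%s/%s" % (h, sink) for h in collapse(hosts)]

if __name__ == "__main__":
    print("\n".join(dnsmasq_blackhole(SAMPLE_URLS)))
```

Because one entry per registered domain covers all of its subdomains, the output grows with the number of distinct domains rather than the number of URLs.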