[Snort-users] Snort blacklisted IP Addresses

Asad, Hafiz ul Hafiz-ul.Asad at city.ac.uk
Thu Mar 8 08:15:04 EST 2018

Thanks for this.

We have actually been getting these IPs from http://labs.snort.org/feeds/ip-filter.blf, using pulledpork.


From: Joel Esler (jesler) <jesler at cisco.com>
Sent: Thursday, March 8, 2018 1:09:03 PM
To: Asad, Hafiz ul
Cc: Snort-users at lists.snort.org
Subject: Re: [Snort-users] Snort blacklisted IP Addresses

You mean the sample IP blacklist system that we distribute from talosintelligence.com?

We've been emphasizing Domain convictions over IP convictions (because of the amount of false positives from IP convictions), which has resulted in the amount of IP addresses being convicted going down over time.

Joel Esler | Talos: Manager | jesler at cisco.com

On Mar 8, 2018, at 4:52 AM, Asad, Hafiz ul via Snort-users <Snort-users at lists.snort.org> wrote:

Snort Users,

We ran an experiment last year, from May 2017 to October 2017, to monitor how blacklisted IP addresses used by Snort evolve over time. We observed a sharp decrease in the number of blacklisted IPs around 21 June 2017. This is also complemented by our study using Suricata IDS. Could anyone suggest what exactly happened around that time which caused this sharp decrease in the number of blacklisted IP addresses?

Best Regards,
City, University of London
