
List:       snort-devel
Subject:    Re: [Snort-devel] blacklist file for reputation processor
From:       Will Metcalf <william.metcalf () gmail ! com>
Date:       2011-07-21 19:59:45
Message-ID: CAO0nrJZrfB=Ju6F-cHmXVt8TJtuaQgKRee3NOuG_aLHWxhMr-Q () mail ! gmail ! com

> The preprocessor has a config setting to ignore RFC1918 addresses,
> so no need to whitelist.

Ahh indeed and is disabled by default, unless you toggle scan_local.
/me runs off to RTFM with a side of humble pie.

Regards,

Will

2011/7/21 Steven Sturges <ssturges@sourcefire.com>:
> The preprocessor has a config setting to ignore RFC1918 addresses,
> so no need to whitelist.
>
> Of course you can also blacklist your 192.168.1.1 router if
> you really want to.  ;)
>
> -steve
>
> On 7/21/11 3:40 PM, Will Metcalf wrote:
>> Perhaps you should white-list RFC1918 addresses as well there are 10.
>> and 192.168. addy's in those lists. Emerging Threats has a list as
>> well..
>>
>> http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
>>
>> Regards,
>>
>> Will
>>
>> 2011/7/21 Alex Kirk <akirk@sourcefire.com>:
>>> There is a somewhat experimental IP blacklist available at
>>> http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
>>> are things that are touched by the VRT's malware farm - and while we've done
>>> some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
>>> simply importing those lists and blocking them wholesale would probably be a
>>> bad idea. I would suggest cross-referencing those lists with other IP
>>> reputation blacklists available on the Internet.
>>> Sourcefire is examining more "turn-key" list solutions for the future, but
>>> for the time being this experimental list is all we have available.
>>>
>>> 2011/7/20 김무성 <kimms@infosec.co.kr>
>>>>
>>>> Hello list.
>>>>
>>>> I saw the release of snort-2.9.1 RC.
>>>>
>>>> There are some new functions that were added. It's awesome.
>>>>
>>>> One of them, the IP reputation processor, is a good idea.
>>>>
>>>> But the important thing is a blacklist. A real blacklist.
>>>>
>>>> Is there a blacklist which Sourcefire provides to the public?
>>>>
>>>> Where can I get this list?
>>>>
>>>> _______________________________________________
>>>> Snort-devel mailing list
>>>> Snort-devel@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>
>>>
>>>
>>>
>>> --
>>> Alex Kirk
>>> AEGIS Program Lead
>>> Sourcefire Vulnerability Research Team
>>> +1-410-423-1937
>>> alex.kirk@sourcefire.com
>>>
>>
>
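
Added example, not part of the original thread: one way to act on the two suggestions quoted above before loading downloaded lists into the reputation preprocessor, by dropping RFC1918 entries and keeping only addresses that at least two independent lists agree on. The function names and the sample feeds are constructed for illustration; the input format assumed is one IP or CIDR per line with `#` comments.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def covers(outer, inner):
    """True if 'inner' lies entirely inside 'outer' (same IP version only)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def parse_list(text):
    """Parse one feed into a set of networks, skipping comments and junk."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not an address: skip rather than guess
    return nets

def corroborated(list_texts, min_sources=2):
    """Entries outside RFC1918 that at least min_sources feeds cover."""
    feeds = [parse_list(t) for t in list_texts]
    keep = set()
    for net in set().union(*feeds):
        if any(covers(private, net) for private in RFC1918):
            continue  # private space never belongs in a shared blacklist
        # A feed vouches for an entry if it lists it or a CIDR containing it.
        sources = sum(any(covers(other, net) for other in feed) for feed in feeds)
        if sources >= min_sources:
            keep.add(net)
    return sorted(keep, key=lambda n: (n.version, int(n.network_address), n.prefixlen))

# Constructed sample feeds (documentation ranges plus private addresses).
FEED_A = "# feed A\n192.0.2.10\n198.51.100.7\n192.168.1.1\n10.1.2.3\n"
FEED_B = "192.0.2.0/24   # covers 192.0.2.10\n203.0.113.5\n192.168.1.1\nnot-an-ip\n"
FEED_C = "203.0.113.5\n198.51.100.7  # trailing comment\n"

if __name__ == "__main__":
    for net in corroborated([FEED_A, FEED_B, FEED_C]):
        print(net)
```
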
