Snort mailing list archives

Re: blacklist file for reputation processor

From: Alex Kirk <akirk () sourcefire com>
Date: Thu, 21 Jul 2011 15:24:22 -0400

There is a somewhat experimental IP blacklist available at
http://labs.snort.org/iplists/, updated on a daily basis. Those IP addresses
are things that are touched by the VRT's malware farm - and while we've done
some basic whitelisting (i.e. google.com's IP shouldn't show up in there),
simply importing those lists and blocking them wholesale would probably be a
bad idea. I would suggest cross-referencing those lists with other IP
reputation blacklists available on the Internet.

Sourcefire is examining more "turn-key" list solutions for the future, but
for the time being this experimental list is all we have available.

2011/7/20 김무성 <kimms () infosec co kr>

Hello list.****

I saw that release snort-2.9.1 RC.****

There are some new function that added. It’s awesome.****

One of them, ip reputation processor, it’s good idea.****

** **

But important thing is a blacklist. Real blacklist.****

Is there a blacklist which sourcefire provide to public?****

Where can I get this list?****

** **

** **


------------------------------------------------------------------------------
10 Tips for Better Web Security
Learn 10 ways to better secure your business today. Topics covered include:
Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
security Microsoft Exchange, secure Instant Messaging, and much more.
http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel



-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com

------------------------------------------------------------------------------
5 Ways to Improve & Secure Unified Communications
Unified Communications promises greater efficiencies for business. UC can 
improve internal communications as well as offer faster, more efficient ways
to interact with customers and streamline customer service. Learn more!
http://www.accelacomm.com/jaw/sfnl/114/51426253/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Current thread:

blacklist file for reputation processor 김무성 (Jul 20)
- Re: blacklist file for reputation processor Alex Kirk (Jul 21)
  - Re: blacklist file for reputation processor Will Metcalf (Jul 21)
    - Re: blacklist file for reputation processor Steven Sturges (Jul 21)
    - Re: [Snort-users] blacklist file for reputation processor Matthew Jonkman (Jul 21)
    - Re: [Snort-users] blacklist file for reputation processor Joel Esler (Jul 21)
    - Re: [Snort-users] blacklist file for reputation processor Pablo (Jul 21)
    - Re: [Snort-users] blacklist file for reputation processor 김무성 (Jul 26)
    - building a local IP reputation 김무성 (Jul 26)
    - Re: [Snort-users] blacklist file for reputation processor Matthew Jonkman (Jul 26)
    - Re: blacklist file for reputation processor Will Metcalf (Jul 21)