Snort mailing list archives

Re: Fwd: IP Resolution


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 1 Jun 2012 09:50:51 -0400

You can use the IP reputation preprocessor to alert and block on IPs from countries you don't want to receive/send 
traffic from.  We are in planning for a feature set around your request.

-- 
Joel Esler


On Friday, June 1, 2012 at 9:24 AM, Michael Brown wrote:


Thank you,

Michael A. Brown
(Google Voice) (757) 912-0836
B.S. Information Technology: Network Specialist
A.A.S. Information Technology: Technical Support

"The only thing for the triumph of evil is for good men to do nothing" -Edmund Burke



---------- Forwarded message ----------
From: Michael Brown <mike.a.brown09 () gmail com>
Date: Fri, Jun 1, 2012 at 9:24 AM
Subject: IP Resolution
To: snort-users () lists sourceforge ne


I was wondering how I could set up snort or a script to take a set of IP addresses and resolve them so I can see what 
country the alerts are being generated through and then have them updated in a new column within the database? 
Ultimately I would like to show the country's flag but I can work that out later. Any suggestions would be great 
or is this even possible? 

Thanks

Thank you,

Michael A. Brown
(Google Voice) (757) 912-0836
B.S. Information Technology: Network Specialist
A.A.S. Information Technology: Technical Support

"The only thing for the triumph of evil is for good men to do nothing" -Edmund Burke


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news! 

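
The enrichment asked about in the original question (resolve alert source IPs to a country and store the result in a new database column) can be sketched as follows. This is an added example, not part of the thread and not Snort code. It assumes alert addresses are stored as unsigned integers in a table named `iphdr` (modelled here in SQLite), uses a hypothetical column name `src_country`, and uses a constructed range-to-country table in place of a real GeoIP dataset.

```python
import ipaddress
import sqlite3

# Constructed sample data: RFC 5737 documentation ranges, with country codes
# invented for illustration. A real deployment would load a GeoIP dataset.
SAMPLE_RANGES = [("192.0.2.0/24", "US"), ("198.51.100.0/24", "DE"), ("203.0.113.0/24", "JP")]
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def build_index(ranges):
    """Parse CIDR strings; most-specific prefixes first so nested ranges win."""
    nets = [(ipaddress.ip_network(cidr), cc) for cidr, cc in ranges]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def country_for(ip_int, index):
    """Map an IPv4 address stored as an unsigned integer to a country code."""
    addr = ipaddress.IPv4Address(ip_int)
    if any(addr in net for net in INTERNAL):
        return "--"   # internal address, no country applies
    for net, cc in index:
        if addr in net:
            return cc
    return "??"       # not covered by the dataset

def enrich(conn, index):
    """Add src_country (hypothetical column) if missing and fill empty rows."""
    cols = [row[1] for row in conn.execute("PRAGMA table_info(iphdr)")]
    if "src_country" not in cols:
        conn.execute("ALTER TABLE iphdr ADD COLUMN src_country TEXT")
    rows = conn.execute(
        "SELECT sid, cid, ip_src FROM iphdr WHERE src_country IS NULL").fetchall()
    for sid, cid, ip_src in rows:
        conn.execute("UPDATE iphdr SET src_country = ? WHERE sid = ? AND cid = ?",
                     (country_for(ip_src, index), sid, cid))
    conn.commit()
    return len(rows)

def demo():
    """Build an in-memory table with constructed alerts and enrich it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER)")
    dst = int(ipaddress.IPv4Address("10.0.0.5"))
    for cid, ip in enumerate(["192.0.2.10", "203.0.113.77", "10.1.2.3", "100.64.0.1"], 1):
        conn.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?)",
                     (cid, int(ipaddress.IPv4Address(ip)), dst))
    enrich(conn, build_index(SAMPLE_RANGES))
    return [row[0] for row in conn.execute("SELECT src_country FROM iphdr ORDER BY cid")]

if __name__ == "__main__":
    print(demo())
```

Because `enrich` only touches rows where the column is still empty, it can be run repeatedly (for example from cron) as new alerts arrive.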
