Re: Reputation Preprocessor

[Yonas Abebe <jonasabebe () gmail com>]

Hi Esler,

OK. Then i have a related question. Is there a way (if any) that i can pass
a black list file to snort from Mysql database at run time?

Thanks a lot
jonas

On Tue, Sep 25, 2012 at 5:28 PM, Joel Esler <jesler () sourcefire com> wrote:

> On Sep 25, 2012, at 5:04 AM, Yonas Abebe <jonasabebe () gmail com> wrote:
>
> Does the reputation preprocessor of Snort simply drops packets coming
> from/to IP addresses listed in black list file?
>
>
> Yes.  The whitelist file tells Snort explicitly "Do not block these"
>
> Or do I have to create rules for those IP addresses in the the black list
> file?
>
>
> There should be two rules to uncomment in the preprocessor.rules file in
> order to make it work properly.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!