Snort mailing list archives
Re: Snort rules: TOR Servers
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 7 Feb 2013 23:32:00 -0500
On Feb 7, 2013, at 11:20 PM, David Cottam <cot07001 () byui edu> wrote:
Hello, I am configuring a snort server and am looking for a good way to detect what torrent servers are being accessed and perhaps block them. I have not been able to find anything useful online. Who can help me with TOR rules?
We have the TOR exit nodes in our blacklist technology which you can use the IP reputation preprocessor to load up. The feed is here: http://labs.snort.org/feeds/ip-filter.blf The next release of Pulledpork (or the one in svn right now) has this built in. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort rules: TOR Servers David Cottam (Feb 07)
- Re: Snort rules: TOR Servers Joel Esler (Feb 07)