Snort mailing list archives

Re: Snort rules: TOR Servers


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 7 Feb 2013 23:32:00 -0500

On Feb 7, 2013, at 11:20 PM, David Cottam <cot07001 () byui edu> wrote:

> Hello,
> I am configuring a snort server and am looking for a good way to detect what torrent servers are being accessed and perhaps block them.  I have not been able to find anything useful online.
>
> Who can help me with TOR rules?

We have the TOR exit nodes in our blacklist technology which you can use the IP reputation preprocessor to load up.

The feed is here:
http://labs.snort.org/feeds/ip-filter.blf

The next release of Pulledpork (or the one in svn right now) has this built in.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
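
A sanity check to run on a downloaded copy of the feed before pointing the IP reputation preprocessor at it, added here as an example and not part of Joel's message or of Pulledpork: it drops malformed lines, over-broad prefixes and anything overlapping your own networks, since every blacklist entry blocks traffic. The one-entry-per-line feed layout, the name `build_blacklist`, the prefix thresholds and all sample addresses are assumptions or constructed values.

```python
import ipaddress

# Constructed sample standing in for a downloaded feed file. The layout (one IP
# or CIDR per line, '#' comments) is an assumption about the feed format.
SAMPLE_FEED = """\
# constructed sample, documentation address ranges only
198.51.100.7
203.0.113.0/28
198.51.100.7
0.0.0.0/0
10.1.2.3
192.0.2.55
not-an-ip
2001:db8::1   # trailing comment
"""
# Constructed: networks you own and must never blacklist.
PROTECTED = ["10.0.0.0/8", "192.0.2.0/24"]


def build_blacklist(feed_text, protected_nets, min_prefix4=16, min_prefix6=32):
    """Return (entries, rejected): blacklist lines and (line, reason) pairs."""
    protected = [ipaddress.ip_network(n) for n in protected_nets]
    keep, rejected = set(), []
    for raw in feed_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append((line, "unparseable"))
            continue
        floor = min_prefix4 if net.version == 4 else min_prefix6
        if net.prefixlen < floor:
            rejected.append((line, "prefix too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((line, "overlaps protected network"))
        else:
            keep.add(net)  # the set removes duplicate entries
    ordered = sorted(keep, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    # Single hosts are written as bare addresses, ranges in CIDR form.
    return [str(n.network_address) if n.num_addresses == 1 else str(n)
            for n in ordered], rejected


if __name__ == "__main__":
    entries, rejected = build_blacklist(SAMPLE_FEED, PROTECTED)
    print("\n".join(entries))
    for line, reason in rejected:
        print(f"# rejected {line}: {reason}")
```

The surviving entries are what would be written to the file named by the `blacklist` option of `preprocessor reputation` in snort.conf; review the rejected list before each reload.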

