Snort mailing list archives

Re: Blocking Domain name like example.com


From: Ayodele Okeowo <aymacro () gmail com>
Date: Mon, 23 Dec 2013 14:27:15 -0500

Thanks Waldo. I'll give it a try today and let you know by Friday.

Happy Holidays!

Ayo


On Mon, Dec 23, 2013 at 2:18 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 12/23/2013 8:50 AM, Ayodele Okeowo wrote:
Yes, existing DNS rules which alert based on domain names. I don't seem to
find that in my list of rules.

you are probably using only the VRT rules, then... i believe you will find
something similar to what you are looking for in the emergingthreats rules
sets...

start here http://rules.emergingthreats.net/open/snort-2.9.0/rules/ and look
in the dns rules set... then search for "query for suspicious" for examples
you should be able to clone and modify for your specific needs... one domain
per rule gives the best granularity ;)

Also, how do I use it if I find it?

just like any other of the text based rules...

Can it be used just like when I'm using the whitelist/blacklist rules?

not that i'm aware of...


Sorry I couldn't reply early.

not a problem ;)

Ayo


On Sat, Dec 21, 2013 at 6:31 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 12/21/2013 10:56 AM, Ayodele Okeowo wrote:
Hello guys,

Is there a way to build a list of website names to be blocked by Snort? Or
should I just include the domain names within my alert or drop rules?

do you mean something like existing DNS rules that alert based on domain
names used for known malware distribution? ;)

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
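
Added example, not part of the thread or of the Emerging Threats rule set: a Python generator that turns a domain list into one Snort 2.9 DNS-query rule per domain, in the style of the "query for suspicious" rules mentioned above. The msg text, the `policy-violation` classtype, SIDs starting at 1000001 and the sample domains are assumptions chosen for illustration.

```python
import re

# Bytes that follow the 2-byte transaction ID in a plain standard query:
# flags 0x0100 (recursion desired), QDCOUNT 1, all other counts 0.
QUERY_HEADER = "|01 00 00 01 00 00 00 00 00 00|"
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def dns_content(domain):
    """Encode a domain as length-prefixed DNS labels for a content match."""
    labels = domain.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a valid domain name: %r" % domain)
    # The length byte before each label keeps "example.com" from matching
    # "notexample.com"; the trailing |00| is the root label ending the name.
    return "".join("|%02X|%s" % (len(l), l) for l in labels) + "|00|"


def make_rule(domain, sid, action="alert"):
    """Build one rule for one domain (sid and msg wording are assumptions)."""
    if action not in ("alert", "drop"):  # drop only takes effect inline
        raise ValueError("unsupported action: %r" % action)
    name = domain.strip().rstrip(".").lower()
    return ('%s udp $HOME_NET any -> any 53 '
            '(msg:"LOCAL DNS query for listed domain %s"; '
            'content:"%s"; depth:10; offset:2; '
            'content:"%s"; nocase; distance:0; fast_pattern; '
            'classtype:policy-violation; sid:%d; rev:1;)'
            % (action, name, QUERY_HEADER, dns_content(domain), sid))


def generate_rules(lines, first_sid=1000001, action="alert"):
    """One rule per unique domain; blank lines and # comments are skipped."""
    seen, rules = set(), []
    for line in lines:
        name = line.split("#", 1)[0].strip().rstrip(".").lower()
        if not name or name in seen:
            continue
        seen.add(name)
        rules.append(make_rule(name, first_sid + len(rules), action))
    return rules


# Constructed sample list using reserved documentation domains.
SAMPLE = ["example.com", "# comment line", "Example.COM.", "",
          "example.net  # inline comment"]

if __name__ == "__main__":
    print("\n".join(generate_rules(SAMPLE)))
```

Each rule also fires on subdomains of the listed name, since only the trailing labels are matched. Queries that carry an EDNS0 record or set other header flags do not match the fixed ten-byte header, and DNS over TCP or TLS is not seen by a UDP port 53 rule.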
