Snort mailing list archives

Re: Snort blacklisted IP Addresses


From: "Asad, Hafiz ul via Snort-users" <snort-users () lists snort org>
Date: Thu, 8 Mar 2018 14:44:08 +0000

Thanks for confirming this. Attached is the graph of how the snort blacklist IPs evolved. Could you please confirm 
that the dips in this graph correspond with periods where you have removed IP addresses that were suspected of being 
false positives? I will be thankful.


Best regards,

Asad

________________________________
From: Joel Esler (jesler) <jesler () cisco com>
Sent: Thursday, March 8, 2018 1:34:33 PM
To: Asad, Hafiz ul
Cc: Snort-users () lists snort org
Subject: Re: [Snort-users] Snort blacklisted IP Addresses

Yes. That redirects over to Talosintelligence.com. That's the list I am talking about.

Sent from my iPhone

On Mar 8, 2018, at 08:15, Asad, Hafiz ul <Hafiz-ul.Asad () city ac uk> wrote:


Thanks for this.


We have actually been getting these IPs from http://labs.snort.org/feeds/ip-filter.blf, using pulledpork.


Asad




________________________________
From: Joel Esler (jesler) <jesler () cisco com>
Sent: Thursday, March 8, 2018 1:09:03 PM
To: Asad, Hafiz ul
Cc: Snort-users () lists snort org
Subject: Re: [Snort-users] Snort blacklisted IP Addresses

You mean the sample IP blacklist system that we distribute from talosintelligence.com?

We've been emphasizing Domain convictions over IP convictions (because of the amount of false positives from IP 
convictions).  Which has resulted in the amount of IP addresses being convicted going down over time.


--
Joel Esler | Talos: Manager | jesler () cisco com






On Mar 8, 2018, at 4:52 AM, Asad, Hafiz ul via Snort-users <Snort-users () lists snort org> wrote:

Snort Users,

We ran an experiment last year, from May 2017 to October 2017, to monitor how blacklisted IP addresses 
used by snort evolve over time. We observed a sharp decrease in the number of blacklisted IPs around 21 June 2017. This 
is also complemented by our study using suricata IDS. Could anyone suggest what exactly happened around that 
time which caused this sharp decrease in the no. of blacklisted IP addresses?

Best Regards,
Asad
City, University of London


_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
