Snort mailing list archives
Country Block functionality in pre-processor
From: Mehma Sarja <mehmasarja () gmail com>
Date: Mon, 28 Feb 2011 18:40:03 -0800
Been running both country block and snort for the past few months and have one observation. Searched lists for similar discussion and did not find any. From what little I understand, the pre-processor rules are like a scouting party sent out by the military. Their job is to report on the approaching enemy. I am seeing one of the countries blocked being marked by the pre-processor and if true, have this one suggestion. If user selected to-block countries are somehow implemented in the pre-processors and requests from those IPs are dropped, it will free up firewall resources. In my case, I am blocking all but 4 countries for my home setup. Imagine the resource savings if snort does not have to hassle with 98% of the IPs trying to come in. Mehma ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Country Block functionality in pre-processor Mehma Sarja (Feb 28)
- Re: Country Block functionality in pre-processor Joel Esler (Mar 01)