Snort mailing list archives
Reputation clarification
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 7 Sep 2011 10:04:18 -0600
Hey all! So…I’m doing my upgrade to 2.9.1….very excited. A (possibly idiotic ;)) question I have on the Reputation preprocessor…this is really just an IP based black/whitelist yes? If so, what would be the difference for “whitelisting” via startup command versus using the whitelist, say with:

    snort -c snort.conf ip and not host bleh

Also, if I’m reading the below right, does this mean that EVERY time a packet goes to google.com I’ll get an alert? Thanks all.

James

From the manual:

Use case

A user wants to protect his/her network from unwanted/unknown IPs, only allowing some trusted IPs. Here is the configuration:

    preprocessor reputation: \
        blacklist /etc/snort/default.blacklist
        whitelist /etc/snort/default.whitelist

In file "default.blacklist"

    # These two entries will match all ipv4 addresses
    1.0.0.0/1
    128.0.0.0/1

In file "default.whitelist"

    68.177.102.22 # sourcefire.com
    74.125.93.104 # google.com

Reputation preprocessor uses GID 136 to register events.

    SID  Description
    1    Packet is blacklisted.
    2    Packet is whitelisted.
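Added example, not part of the original message or the Snort manual: a Python sketch that parses the two list files quoted above, checks the manual's claim that the two /1 entries cover all of IPv4, and reports which GID 136 event an address maps to. The function names and the tie-break for an address on both lists (whitelist wins) are assumptions of this example, and the list contents are constructed copies of the quoted files.

```python
import ipaddress

# Constructed copies of the two list files quoted from the manual above.
BLACKLIST_TEXT = """\
# These two entries will match all ipv4 addresses
1.0.0.0/1
128.0.0.0/1
"""
WHITELIST_TEXT = """\
68.177.102.22 # sourcefire.com
74.125.93.104 # google.com
"""

GID = 136  # Reputation preprocessor generator ID, from the manual excerpt
SID_BLACKLISTED, SID_WHITELISTED = 1, 2


def parse_list(text):
    """Parse one address or CIDR block per line; '#' starts a comment."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            # strict=False: 1.0.0.0/1 has host bits set and denotes 0.0.0.0/1
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def covers_all_ipv4(nets):
    """True if the entries together collapse to 0.0.0.0/0."""
    merged = list(ipaddress.collapse_addresses(nets))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]


def classify(addr, blacklist, whitelist, whitelist_wins=True):
    """Return (verdict, 'gid:sid') for one address, or (None, None) if unlisted.

    whitelist_wins is this example's assumption for an address on both lists.
    """
    ip = ipaddress.ip_address(addr)
    in_black = any(ip in n for n in blacklist)
    in_white = any(ip in n for n in whitelist)
    if in_white and (whitelist_wins or not in_black):
        return "whitelisted", f"{GID}:{SID_WHITELISTED}"
    if in_black:
        return "blacklisted", f"{GID}:{SID_BLACKLISTED}"
    return None, None


if __name__ == "__main__":
    bl, wl = parse_list(BLACKLIST_TEXT), parse_list(WHITELIST_TEXT)
    print("blacklist covers all IPv4:", covers_all_ipv4(bl))
    for a in ("74.125.93.104", "68.177.102.22", "8.8.8.8"):
        print(a, classify(a, bl, wl))
```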
Current thread:
- Reputation clarification Lay, James (Sep 07)
- Re: Reputation clarification Russ Combs (Sep 07)
- Re: Reputation clarification Lay, James (Sep 07)
- Re: Reputation clarification Russ Combs (Sep 07)