IP Blacklisting Version 2 for Snort 2.8.4.1 available
By Security Sauce on [2009-06-08] at 20:06:40
Presentation:

I found myself with 9 hours to kill on an airplane ride this weekend so I coded up the two features I've been hearing the most for the original IP Blacklisting patch I wrote. The first new feature was to be able to associate a name with a blacklist and have that name produced in the event that Snort outputs. The second feature was to be able to load blacklists from external files so that very large blacklists could be maintained without having to modify the snort.conf file.

Both of these features are now available in version 2 of the patch. Direct loading of the IP address lists from the snort.conf preprocessor directive is no longer supported, you have to use the external files.

Here is a sample directive for snort.conf:

    preprocessor iplist: blacklist dshield /etc/snort/dshield.blacklist blacklist sourcefire /etc/snort/sourcefire.blacklist whitelist /etc/snort/default.whitelist

And here is a sample blacklist file:

    # This is a blacklist file, there are many like it but this one is mine
    # Comments are supported
    10.1.1.0/24 192.168.0.0/16 # I can do inline comments too and put
                               # multiple CIDR blocks on one line
    172.16.16.17/32 172.16.15.14/32
    # Whatever you like

As per usual, bug reports and feature requests can be sent directly to me. I still haven't done any performance testing of this code so your mileage may vary. I'd be interested to hear of any comparisons of the performance of this code vs the Emerging Threats blacklist. Tested on Ubuntu, Fedora and OS X only so far.

You can get the patch here: http://www.snort.org/users/roesch/code/iplist.patch.v2.tgz
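A pre-deployment check for list files in the format shown in the post, added here as an example; it is not code from the original post or from the patch. It parses comments and multiple CIDR blocks per line, reports malformed entries by line number, and flags blacklist ranges that overlap a whitelist. Assumptions: IPv4 CIDR only (all the sample shows), hypothetical function names, and constructed sample entries; the post does not describe the patch's own parsing strictness or its blacklist/whitelist precedence.

```python
import ipaddress

def parse_iplist(text):
    """Return (networks, errors) for the contents of one list file."""
    networks, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # '#' starts a comment anywhere on the line; the rest is CIDR tokens.
        for token in line.split("#", 1)[0].split():
            try:
                # strict=True also rejects host bits below the mask (assumed policy)
                networks.append(ipaddress.IPv4Network(token, strict=True))
            except ValueError as exc:
                errors.append((lineno, token, str(exc)))
    return networks, errors

def whitelist_conflicts(blacklist, whitelist):
    """Pairs (black, white) whose address ranges overlap."""
    return [(b, w) for b in blacklist for w in whitelist if b.overlaps(w)]

# Constructed sample input: the blacklist from the post plus one bad entry.
SAMPLE_BLACKLIST = """\
# This is a blacklist file, there are many like it but this one is mine
# Comments are supported
10.1.1.0/24 192.168.0.0/16 # I can do inline comments too and put
                           # multiple CIDR blocks on one line
172.16.16.17/32 172.16.15.14/32
10.1.1.5/24   # constructed error: host bits set
# Whatever you like
"""
SAMPLE_WHITELIST = "192.168.10.0/24  # constructed: management subnet\n"

def lint(black_text, white_text):
    """Validate both lists and summarise what would be loaded."""
    black, black_errs = parse_iplist(black_text)
    white, white_errs = parse_iplist(white_text)
    return {
        "blacklist": list(ipaddress.collapse_addresses(black)),
        "errors": black_errs + white_errs,
        "conflicts": whitelist_conflicts(black, white),
    }

if __name__ == "__main__":
    report = lint(SAMPLE_BLACKLIST, SAMPLE_WHITELIST)
    for lineno, token, msg in report["errors"]:
        print(f"line {lineno}: {token!r}: {msg}")
    for b, w in report["conflicts"]:
        print(f"blacklist {b} overlaps whitelist {w}")
    print("collapsed:", ", ".join(map(str, report["blacklist"])))
```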