[Emerging-Sigs] CPAN.ORG on list

Kevin Ross kevross33 at googlemail.com
Wed Oct 26 15:37:24 EDT 2011


I have no idea who thought this was a good idea for package though. Strange
it was including seeing as you have enterprise level features (virtual IPs,
failover, reporting, extensive firewall options etc) so it is aimed from
home user to perhaps a few enterprise level clients who maybe don't want to
pay for a Cisco ASA, Checkpoint etc and then you have a package which
results in potentially illegal actions.



On 26 October 2011 20:26, Kevin Ross <kevross33 at googlemail.com> wrote:

> Yup in RBN for network.
>
> I moved off smoothwall at the weekend due to Snort 2.6.1 EOL and I really
> like it. I like the countryblock and the ability to use aliases in firewall
> rules with being able to point it at a URL containing IP/Network list and
> then create firewall rule from that (it updates periodically). So now I have
> firewall blocks automatically updating for these things :D I do miss the
> blackhole DNS mod though. Snort.conf in it seems generated on start though
> and doesn't containg necessary zlib configurations and other things so not
> ideal.
>
> ping www.cpan.org
> PING cpan-global.l.develooper.org (212.117.177.118) 56(84) bytes of data.
> 64 bytes from ip-212-117-177-118.as5577.net (212.117.177.118): icmp_req=1
> ttl=53 time=27.1 ms
> 64 bytes from ip-212-117-177-118.as5577.net (212.117.177.118): icmp_req=2
> ttl=53 time=25.5 ms
> 64 bytes from ip-212-117-177-118.as5577.net (212.117.177.118): icmp_req=3
> ttl=53 time=26.8 ms
> 64 bytes from ip-212-117-177-118.as5577.net (212.117.177.118): icmp_req=4
> ttl=53 time=25.8 ms
>
>
>
>
> On 26 October 2011 20:07, waldo kitty <wkitty42 at windstream.net> wrote:
>
>> On 10/26/2011 14:52, Kevin Ross wrote:
>> > No idea which list it is on as I am importing dhsield, RBN, botcnc,
>> ciarmy,
>> > compromised into pfsense aliases and doing inbound & outbound blocking
>> but
>> > cpan.org <http://cpan.org> is being blocked 212.117.177.118. Why? Need
>> to create
>> > myself an ACL above block rules now :( lol
>>
>> i don't find that IP in any of the ET or SF rules on my smoothie...
>>
>> grep -i -E "212\.117\.177\.118" *basepath*/snort/*/*.rules
>>
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at emergingthreats.net
>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>>
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreatspro.com
>> The ONLY place to get complete premium rulesets for Snort 2.4.0 through
>> Current!
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111026/3b17ff26/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot.png
Type: image/png
Size: 107912 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111026/3b17ff26/Screenshot-0001.png


More information about the Emerging-sigs mailing list