[Emerging-Sigs] IP Rules Direction

Dewhirst, Rob robdewhirst at gmail.com
Sat Oct 29 13:58:30 EDT 2011

I was encourage to pipe up in this thread based on a question I asked
on the OISF list.

FWIW, we run a lot of sensors on public systems and care less about
scans and compromised or hostile systems contacting our public web

On the other hand, we absolutely do want to know when one of our
systems makes an outbound connection to something in a blacklist.

More information about the Emerging-sigs mailing list