[Emerging-Sigs] IP Rules Direction

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Oct 31 13:45:19 EST 2011


Thanks Rob.

So… is your preference bi-directional rules, or dual rulesets?

Or waiting till ip_reputation is functional. :)

Matt


On Oct 29, 2011, at 1:58 PM, Dewhirst, Rob wrote:

> I was encouraged to pipe up in this thread based on a question I asked
> on the OISF list.
> 
> FWIW, we run a lot of sensors on public systems and care less about
> scans and compromised or hostile systems contacting our public web
> servers.
> 
> On the other hand, we absolutely do want to know when one of our
> systems makes an outbound connection to something in a blacklist.


----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------


