[Oisf-users] Large list of domains in Suricata?
Rich Rumble
richrumble at gmail.com
Tue Mar 11 16:03:36 UTC 2014
On Tue, Mar 11, 2014 at 9:22 AM, mikael vingaard
<mikaelvingaard at gmail.com> wrote:
>
> I would like to use a large list of domains (100+) to block/alert in
> Suricata.
>
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2013-January/002271.html
I'd like to see SafeBrowsing brought to Suricata; you'd have to keep a
local copy of it to be very quick. IE and maybe a few holdout browsers
that don't use the SafeBrowsing API, so it might not be all that worthwhile.
>
> Using a rule with {domain1,domain2,domain3} would be too cumbersome,
> but I have found a method of blocking MD5 sums (source
> http://blog.inliniac.net/2012/06/09/suricata-md5-blacklisting/)
> - almost similar to what I would like to achieve with domains.
>
SafeBrowsing uses an alternate hashing method, and there are even other
search engines now with similar APIs to Google's:
http://api.yandex.com/safebrowsing/
https://developers.google.com/safe-browsing/
>
> Could someone assist me in writing a similar rule with domains?
>