[Oisf-users] Large list of domains in Suricata?

Rich Rumble richrumble at gmail.com
Tue Mar 11 16:03:36 UTC 2014

On Tue, Mar 11, 2014 at 9:22 AM, mikael vingaard
<mikaelvingaard at gmail.com> wrote:

> I would like to use a large list of domains (100+) to block/alert in
> Suricata.
I'd like to see SafeBrowsing brought to Suricata; you'd have to keep a
local copy of it to be very quick. IE and maybe a few holdout browsers
that don't use the SafeBrowsing API, so it might not be all that worthwhile.

> Using a rule with {domain1,domain2,domain3} would be too cumbersome,
> but I have found a method of blocking MD5 sums (source
> http://blog.inliniac.net/2012/06/09/suricata-md5-blacklisting/)
> -almost similar to what I would like to achieve with domains.
SafeBrowsing uses an alternate hashing method, and there are even other
search engines now with similar APIs to Google's:

> Could someone assist me in writing a similar rule with domains