On Wed, Jun 27, 2012 at 2:48 PM, dan (ddp) <[email protected]> wrote:
> On Fri, Jun 15, 2012 at 7:08 AM, C. L. Martinez <[email protected]> wrote:
>> Hi all,
>>
>> Somebody knows some confident reputation lists to use with OSSEC like
>> for example
>> http://labs.alienvault.com/labs/index.php/projects/open-source-ip-reputation-portal/download-ip-reputation-database??
>>
>> Thanks.
>
> OSSEC doesn't really support reputations. It's pretty black or white,
> although I guess you could do something with rule levels.
>
> I use a number of sites like http://www.malwaredomainlist.com/ to
> create lists of suspected bad domains. I then monitor my DNS logs with
> OSSEC and compare the queried domains to a cdb of suspected bad
> domains. I can also check the responses for IPs that I find to be
> suspicious.

Thanks Dan. I am using the same procedure to accomplish this ... but I am interested in these sites. Actually I am using the RBN IP list provided by Suricata rules ... Apart from malwaredomainlist.com, some more sites??
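
The procedure discussed in this thread (build a list of suspected bad domains, then compare queried domains from the DNS logs against it) is sketched below as an added example; it is not code from either poster or from the OSSEC project. It assumes a hosts-format feed and BIND-style query log lines, both constructed here, and all function names are hypothetical.

```python
import re

# Constructed sample of a hosts-format blocklist feed (assumed format:
# "<sinkhole IP>  <domain>", '#' comments); the domains are placeholders.
SAMPLE_FEED = """\
# constructed sample feed
127.0.0.1  localhost
127.0.0.1  Bad-Domain.example
127.0.0.1  evil.example.   # trailing dot
0.0.0.0    tracker.bad.example
"""

# Constructed BIND-style query log lines (the log format is an assumption).
SAMPLE_DNS_LOG = [
    "27-Jun-2012 14:48:01.101 client 10.0.0.5#53211: query: www.ok.example IN A +",
    "27-Jun-2012 14:48:02.202 client 10.0.0.7#40112: query: BAD-DOMAIN.example IN A +",
    "27-Jun-2012 14:48:03.303 client 10.0.0.7#40113: query: www.evil.example IN A +",
    "27-Jun-2012 14:48:04.404 client 10.0.0.9#51000: query: evil.example. IN AAAA +",
]

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
QUERY = re.compile(r"client (\S+?)#\d+: query: (\S+) IN ")

def normalize(name):
    """Lowercase, strip the trailing dot; None unless it looks like an FQDN."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    ok = 2 <= len(labels) and len(name) <= 253 and all(LABEL.match(l) for l in labels)
    return name if ok else None

def feed_to_list_lines(feed, tag="suspect"):
    """Sorted, de-duplicated 'key:value' lines (the text form of an OSSEC list)."""
    keys = set()
    for line in feed.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in ("127.0.0.1", "0.0.0.0"):
            keys.add(normalize(fields[1]))
    return [f"{k}:{tag}" for k in sorted(keys - {None})]

def match_queries(log_lines, list_lines):
    """Exact-key lookup of each queried name; returns (client, domain) hits."""
    keys = {entry.split(":", 1)[0] for entry in list_lines}
    found = (QUERY.search(line) for line in log_lines)
    pairs = [(m.group(1), normalize(m.group(2))) for m in found if m]
    return [p for p in pairs if p[1] in keys]

if __name__ == "__main__":
    print("\n".join(feed_to_list_lines(SAMPLE_FEED)))
    print(match_queries(SAMPLE_DNS_LOG, feed_to_list_lines(SAMPLE_FEED)))
```

The lookup is an exact key match, which is why the query for www.evil.example is not reported even though evil.example is on the list. The key:value lines are the text form that ossec-makelists compiles into the cdb.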
