On Thu, Jun 28, 2012 at 2:04 AM, C. L. Martinez <[email protected]> wrote:
> On Wed, Jun 27, 2012 at 2:48 PM, dan (ddp) <[email protected]> wrote:
>> On Fri, Jun 15, 2012 at 7:08 AM, C. L. Martinez <[email protected]> wrote:
>>> Hi all,
>>>
>>>  Does anybody know of some reliable reputation lists to use with OSSEC, like
>>> for example
>>> http://labs.alienvault.com/labs/index.php/projects/open-source-ip-reputation-portal/download-ip-reputation-database??
>>>
>>> Thanks.
>>
>> OSSEC doesn't really support reputations. It's pretty black or white,
>> although I guess you could do something with rule levels.
>>
>> I use a number of sites like http://www.malwaredomainlist.com/ to
>> create lists of suspected bad domains. I then monitor my DNS logs with
>> OSSEC and compare the queried domains to a cdb of suspected bad
>> domains. I can also check the responses for IPs that I find to be
>> suspicious.
>
> Thanks Dan. I am using the same procedure to accomplish this ... but I am
> interested in these sites. Actually I am using the RBN IP list provided by
> Suricata rules ... Apart from malwaredomainlist.com, some more sites??

I'm also using:
https://zeustracker.abuse.ch
http://isc.sans.edu/feeds/suspiciousdomains_High.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
http://sucuri.net/blacklist/MS-iplist.txt
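
The approach described in this thread (several feeds turned into one cdb of suspected bad domains) needs the feeds merged into OSSEC's list source format first. As an added example, not part of the original thread: a Python script that merges domain feeds into `key:value` lines, the text format that ossec-makelists compiles into a CDB list. The feed layout ('#' comments, plain or hosts-file style lines), the severity labels and the sample data are assumptions.

```python
import re

# One hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
_SEVERITY = {"low": 1, "medium": 2, "high": 3}  # assumed labels, used as CDB values

def normalize_domain(token):
    """Return a lowercased domain without trailing dot, or None if not a hostname."""
    d = token.strip().lower().rstrip(".")
    labels = d.split(".")
    if len(d) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.match(label) for label in labels):
        return None
    if labels[-1].isdigit():  # rejects IPv4 literals such as 127.0.0.1
        return None
    return d

def parse_feed(text):
    """Yield one domain per feed line; handles '#' comments, extra columns
    and hosts-file style entries ('127.0.0.1 bad.example')."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        for token in line.split():
            d = normalize_domain(token)
            if d:
                yield d
                break

def build_list(feeds):
    """feeds: iterable of (severity, text). Returns sorted 'key:value' lines,
    keeping the highest severity when a domain appears in several feeds."""
    best = {}
    for severity, text in feeds:
        for d in parse_feed(text):
            if _SEVERITY[severity] > _SEVERITY.get(best.get(d), 0):
                best[d] = severity
    return ["%s:%s" % (d, best[d]) for d in sorted(best)]

# Constructed sample input, not real feed content.
SAMPLE_HIGH = "# constructed sample\nBad.Example.\n127.0.0.1 evil.example\nnot a domain!\n"
SAMPLE_MEDIUM = "bad.example\nmeh.example.org\tnote\n10.0.0.1\n"

if __name__ == "__main__":
    print("\n".join(build_list([("medium", SAMPLE_MEDIUM), ("high", SAMPLE_HIGH)])))
```

Keys in a CDB list must be unique, which is why duplicates across feeds are collapsed; the stored value lets a rule treat high and medium entries differently.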
