Known Compromised Hosts
This ruleset is compiled from a number of sources. It's contents are hosts that are known to be compromised by bots, phishing sites, etc, or known to be spewing hostile traffic. These are not your everyday infected and sending a bit of spam hosts, these are significantly infected and hostile hosts.
Brute Force Blocker
And the Emerging Threats Sandnet and SidReporter
If you have a source of IPs you'd like to add to the list please email firstname.lastname@example.org
Sids are in the range 240800-2408999 for normal version, 2409000-2409999 for the Snortsam blocking versions.
Note: This list no longer includes the RBN (RussianBusinessNetwork
) hosts. These are in a standalone ruleset.
Note: Original lists were in the 2500-3000 rule range, which ended up being a significant Snort load. We're keeping this ruleset under 1000 and things seem to be fine in most cases. But use caution if applying the entire ruleset to an already loaded sensor.
Known CompromisedHost List