r3 - 25 Feb 2011 - 16:07:57 - MattJonkman

Shadowserver.org Known Command and Control Rules

This ruleset takes a daily list of the known CnC servers as researched by Shadowserver.org, Abuse.ch, and other private sources and converts it into Snort/Suricata signatures and firewall rules.

These IPs are updated every 24 hours and should be considered VERY highly reliable indications that a host is communicating with a known and active bot or malware command and control server.

Rules are available here:

Shadowserver Botnet Command and Control Server Rules (ShadowServerCC):

Sid Range info:

2404000-2404999 Shadowserver.org Bot C&C List — Updated Daily

2405000-2405999 Shadowserver.org Bot C&C List with fwsam Drop Statements – Updated Daily

Firewall Rules http://rules.emergingthreats.net/fwrules
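
As an added example (not the Emerging Threats generator and not code from this page), the Python below shows how a daily IP list can be turned into Snort/Suricata alert rules numbered inside the 2404000-2404999 range given above. The feed format, group size, rule message text and the never-list of internal ranges are assumptions; the sample addresses are constructed from documentation ranges.

```python
import ipaddress

SID_FIRST, SID_LAST = 2404000, 2404999  # SID range this page lists for the C&C rules
GROUP_SIZE = 3  # assumed IPs per rule; kept small so the sample shows grouping
# Assumed safety list: a bad feed entry must never make internal ranges look like C&C
NEVER_LIST = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample feed (documentation addresses only, not real C&C servers)
SAMPLE_FEED = """\
# one IPv4 address per line
203.0.113.7
192.0.2.10
198.51.100.23
192.0.2.10      # duplicate
10.0.0.5        # internal address, must be dropped
not-an-ip
203.0.113.99
"""

def parse_feed(text):
    """Return sorted, de-duplicated IPv4 addresses, skipping junk and internal ranges."""
    ips = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            ip = ipaddress.IPv4Address(entry)
        except ValueError:
            continue  # malformed entry: ignore rather than emit a broken rule
        if not any(ip in net for net in NEVER_LIST):
            ips.add(ip)
    return sorted(ips)

def build_rules(ips, rev=1):
    """Emit one alert rule per group of IPs, one SID per group, inside the range."""
    rules = []
    for n, start in enumerate(range(0, len(ips), GROUP_SIZE)):
        sid = SID_FIRST + n
        if sid > SID_LAST:
            raise ValueError("feed needs more SIDs than 2404000-2404999 provides")
        group = ",".join(str(ip) for ip in ips[start:start + GROUP_SIZE])
        rules.append(f'alert ip $HOME_NET any -> [{group}] any '
                     f'(msg:"Known C&C server IP group {n + 1}"; '
                     f'classtype:trojan-activity; sid:{sid}; rev:{rev};)')
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(parse_feed(SAMPLE_FEED))))
```

Because the list is regenerated every 24 hours, a generator like this would be rerun daily and `rev` incremented so sensors pick up the changed address groups.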
