- The Autoshun Shun List
- How to Exclude One IP from HOME_NET
- Autoshun Plugin
- Snort p0f Plugin
- Pepper Jack's Recommendations. This is a Snort source tree with p0f, timeofday, dayofweek, bastardlist, snortsam, and autoshun plug-ins already built-in.
- Pepper Jack's Snort plug-ins
- Interesting snort rulesets
- Wildcard "*" DNS snort rules
- Pedantic Blackhole DNS snort rules (only use one of the bh dns rulesets)
- Regex-from-hell Blackhole DNS snort rules
- Immortal Blackhole DNS snort rules: 100 domains that have been bad forever. (only use one of the bh dns rulesets)
- Rules to alert on communications with one of the known storm C&C addresses
- snort rules for the Dec2008 IE7 exploit domains
- more detailed snort rules for the conficker worm domains
- more efficient snort rules for the conficker worm domains
- snort rules to alert on Zeus C&C IP addrs
- snort rules to alert on Zeus C&C domain Names
- snort rules to alert on Conficker domain Names
- snort rules to alert on SpyEye C&C IP addrs
- snort rules to alert on SpyEye C&C domain Names
- Old arachnids stuff, just to see how it used to be done
- vision.conf 422 rules from October 2000
- vision18.conf the last (I think) ruleset from arachnids, 545 rules from July 2001
- Pepper Jack's LibChart-1.2 patches. The charts on this page were made (mostly) with libchart. I had to make some changes to libchart in order to get the vertical aspect ratio and the stacked line charts. Here is the patch. Or if you prefer, the already patched PHP source code.
Welcome
AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other Snort sensors, honeypots, and mail filters from around the world.
With the Autoshun plugin installed you can contribute alerts from your IDS/IPS sensors to assist the fight against bots, worms, spam engines, and zombies!
The input from your logs will be used to identify hostile addresses that are bots, worms, or spam engines, which we use to build a shun list for your firewall so that you block the attackers before they enter your network!
Submitting your logs requires free registration to obtain an access key for your IDS.
Live Attacks shunned by Month







