Downloading the Snort block list is no longer possible because of the terms page

Open Abdulhadi-Mraish opened this issue 10 months ago • 5 comments

The IP blocklist file downloaded with PulledPork will contain HTML content

https://snort.org/downloads/ip-block-list

https://blog.snort.org/2024/09/changes-to-snort-sample-ip-block-list.html

Abdulhadi-Mraish avatar Feb 18 '25 09:02 Abdulhadi-Mraish
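
A check for the failure described in this issue, as an added example that is not part of the thread or of pulledpork3's own code: it validates a downloaded blocklist body before use and rejects an HTML page saved in its place. The function name, the assumed one-address-or-CIDR-per-line format with `#` comments, and the sample data are assumptions made for the illustration.

```python
import ipaddress
import re

# Markers that indicate an HTML page (e.g. a terms or login page) was saved
# instead of a list. Checked case-insensitively on the start of the body.
HTML_MARKERS = re.compile(rb"<\s*(!doctype|html|head|body|script|title)\b", re.I)


def check_blocklist(data: bytes, max_bad_ratio: float = 0.0):
    """Return (ok, entries, reason) for a downloaded IP blocklist body.

    Assumed format: one IPv4/IPv6 address or CIDR per line, with blank
    lines and '#' comments allowed (hypothetical helper, not pulledpork3 API).
    """
    if HTML_MARKERS.search(data[:4096]):
        return False, [], "html content"
    entries, bad = [], 0
    for raw in data.decode("utf-8", errors="replace").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False accepts host addresses and normalises them to CIDR
            entries.append(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            bad += 1
    total = len(entries) + bad
    if total == 0:
        return False, [], "no entries"
    if bad / total > max_bad_ratio:
        return False, [], f"{bad} of {total} lines are not IP addresses"
    return True, entries, "ok"


# Constructed samples: a valid list, an HTML page, and plain text without tags.
GOOD = b"# sample list\n192.0.2.10\n198.51.100.0/24\n2001:db8::1\n"
HTML = b"<!DOCTYPE html>\n<html><head><title>Terms</title></head></html>\n"
MIXED = b"192.0.2.10\nPlease accept the terms to continue\n"

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("html", HTML), ("mixed", MIXED)):
        ok, entries, reason = check_blocklist(body)
        print(f"{name}: ok={ok} entries={len(entries)} reason={reason}")
```

Rejecting the whole file on any unparsable line (the default `max_bad_ratio` of 0.0) keeps a partially corrupted download from silently replacing a working list.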

As mentioned in the blog post, this list is not supposed to be used anyway and is for testing only. It gives a false sense of protection.

So this should be disabled in pulledpork, anyway.

So in the pulledpork configuration, set: snort_blocklist = false

amishmm avatar Feb 18 '25 09:02 amishmm

Thanks for opening an issue for that, I received no email warning from Snort since... Is there an official IP block list we can trust?

ROBERT-MCDOWELL avatar Feb 18 '25 16:02 ROBERT-MCDOWELL

Test the Emerging Threats blocklist by setting:

et_blocklist = true

in the pulledpork config file.

amishmm avatar Mar 02 '25 07:03 amishmm

ok thanks

ROBERT-MCDOWELL avatar Mar 02 '25 14:03 ROBERT-MCDOWELL

I hate that this was done. #justsaying

finchy avatar Nov 24 '25 19:11 finchy