Home page logo
/

snort logo Snort mailing list archives

help with issue, may not be snort related
From: Pete Keller <pkeller () billbarrettcorp com>
Date: Wed, 1 May 2013 17:58:03 +0000

I was advised by the Information Systems Security Officer at a US government website (that my end users cannot access) 
to call snort.org "and explain(ed) what's happening to your company."

Please send helpful redirects as necessary.

I contacted the support group for the eia.gov website letting them know that we have not been able to access their 
website for the past month. I have reviewed our systems and we are not blocking access to their servers at all. After 
giving all the information I could about the issue to the eia.gov support group, I have been informed by them that

"EIA has not blocked you,  EIA uses commercial security products, which are updated by vendors which have the ability 
to block IP addresses of known/suspected harmful sites.  If this has occurred to your organization/company, you must 
contact internet security businesses that monitor and blacklist IP traffic on the internet [i.e., 
SNORT.ORG<http://SNORT.ORG>]. EIA has no control over the addition/deletion of IP addresses from the aforementioned 
lists."

I have run multiple searches online to see if our public IP address is in any publicly available black list and cannot 
find it.  The support tech at eia.gov has stated that our public IP is on a black list but I cannot confirm his 
statement.  I understand that eia.gov will not want to tell me which product they are using for security, but that 
makes my ability to contact Internet security business that monitor and blacklist IP traffic difficult.

Doing more research, I have found a website where 3 other people have commented that since the beginning of April 2013, 
they have not been able to access the eia.gov website through their business network but could access it from home.  My 
end users have told me that they have been unable to access eia.gov since the beginning of April.

While reading about snort.org and setting up the system, it appears that the blacklist file is user editable, but it is 
unclear if snort.org maintains a blacklist of IPs for subscribers. If that is the case, what services do users utilize 
to build their blacklist files?

Any useful help is greatly appreciated.

Thanks
Pete

Pete Keller
Senior Technical Engineer
Bill Barrett Corporation
1099 18th St Suite 2300
Denver, CO. 80202
(D)303-312-8520
(C)303-588-0645

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault