Known Compromised Hosts

This ruleset is compiled from a number of sources. Its contents are hosts that are known to be compromised by bots, phishing sites, etc., or known to be spewing hostile traffic. These are not your everyday infected hosts sending a bit of spam; these are significantly infected and hostile hosts.

Sources are confidential at this point, but are extremely reliable. If you have a source of IPs to add to the list please email

SIDs are in the range 240800-2408999 for the normal version and 2409000-2409999 for the Snortsam blocking versions.

Note: This list no longer includes the RBN (Russian Business Network) hosts. These are in a standalone ruleset.

Note: Original lists were in the 2500-3000 rule range, which ended up being a significant Snort load. We're keeping this ruleset under 1000 and things seem to be fine in most cases. But use caution if applying the entire ruleset to an already loaded sensor.
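The trade-off in the note above, as an added example that is not the project's own tooling: a one-IP-per-line list is validated, de-duplicated and packed into grouped Snort rules so that the rule count stays under 1000 however long the list grows. The rule template, the message text, the group size and the first SID (2408000) are assumptions; only the upper SID bound 2408999 and the under-1000 target come from this page.

```python
import ipaddress
from math import ceil

SID_FIRST = 2408000  # assumption: first SID of the normal-version range
SID_LAST = 2408999   # upper bound of the normal-version range given on the page
RULE_CAP = 999       # page: keep the ruleset under 1000 rules

def parse_hosts(text):
    """Return (sorted unique IPv4 hosts, rejected lines) from a one-IP-per-line list."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            hosts.add(ipaddress.IPv4Address(line))
        except ValueError:
            rejected.append(raw.strip())  # never pass unvalidated text into a rule
    return sorted(hosts), rejected

def build_rules(hosts, per_rule=20, cap=RULE_CAP):
    """Group hosts into alert rules, widening groups so the rule count stays <= cap."""
    if not hosts:
        return []
    per_rule = max(per_rule, ceil(len(hosts) / cap))
    rules = []
    for n, i in enumerate(range(0, len(hosts), per_rule)):
        sid = SID_FIRST + n
        if sid > SID_LAST:
            raise ValueError("SID range exhausted")
        group = ",".join(str(h) for h in hosts[i:i + per_rule])
        rules.append(
            f'alert ip [{group}] any -> $HOME_NET any '
            f'(msg:"Known compromised host traffic group {n + 1}"; '  # hypothetical msg
            f'classtype:misc-attack; sid:{sid}; rev:1;)'
        )
    return rules

# Constructed sample list (RFC 5737 documentation addresses, not real indicators)
SAMPLE = """\
# constructed sample
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.250   # trailing comment
not-an-ip
198.51.100.999
"""

if __name__ == "__main__":
    hosts, rejected = parse_hosts(SAMPLE)
    print("\n".join(build_rules(hosts, per_rule=2)), "\nrejected:", rejected)
```

Fewer, larger groups mean fewer rules for the sensor to load, at the cost of alerts that identify a group rather than a single listed host.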

Known Compromised Host List

Topic attachments
Attachment: compromisedips.txt | Size: 63.6 K | Date: 2009-09-24 - 18:16 | Who: UnknownUser | Comment: Known Compromised Hosts IP list updated 9/24/09
Topic revision: r5 - 2009-09-24 - JasonWeir
Copyright © Emerging Threats