Known Compromised Hosts

This ruleset is compiled from a number of sources. It's contents are hosts that are known to be compromised by bots, phishing sites, etc, or known to be spewing hostile traffic. These are not your everyday infected and sending a bit of spam hosts, these are significantly infected and hostile hosts.

Sources include:

Brute Force Blocker

If you have a source of IPs you'd like to add to the list please email

Sids are in the range 2408000-2408999 for normal version, 2409000-2409999 for the Snortsam blocking versions.

Note: Original lists were in the 2500-3000 rule range, which ended up being a significant Snort load. We're keeping this ruleset under 1000 and things seem to be fine in most cases. But use caution if applying the entire ruleset to an already loaded sensor.

Known CompromisedHost List

Edit | Attach | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r8 - 2017-02-28 - FrancisTrudeau
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats