[Bro] Blacklist querying using Bro script
Sheharbano Khattak
sheharbano.k at gmail.com
Wed Mar 28 04:24:41 PDT 2012
Dear Bro Team,

I maintain blacklists of botnet C&C servers, spam sources, etc. These are
usually distributed as text files. Every once in a while, I need to update
these by re-downloading them or, better yet, by using rsync. In other cases,
the database is too large to be locally maintained, e.g. DNSBL, and I would
rather make an online query.

I want this process to be completely automated. That is to say, I want to
provide Bro with a list of URLs from where these lists can be obtained at
the time of invocation. In my Bro script, I want to handle reading these
files and also 'refresh' the lists, say, every 24 hours. Occasionally, I want
to be able to make online queries about the 'sanity' of certain IP
addresses.

Can I do this using Bro Script? If not, how do I go about doing this?

Regards,
--
Sheharbano Khattak
Research Engineer / MS student
NUST, Pakistan
http://etheryell.com