Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Pete Keller (pkellerbillbarrettcorp.com)
Date: Wed May 01 2013 - 12:58:03 CDT
I was advised by the Information Systems Security Officer at a US government website (that my end users cannot access) to call snort.org "and explain(ed) what's happening to your company."
Please send helpful redirects as necessary.
I contacted the support group for the eia.gov website letting them know that we have not been able to access their website for the past month. I have reviewed our systems and we are not blocking access to their servers at all. After giving all the information I could about the issue to the eia.gov support group, I have been informed by them that
"EIA has not blocked you, EIA uses commercial security products, which are updated by vendors which have the ability to block IP addresses of known/suspected harmful sites. If this has occurred to your organization/company, you must contact internet security businesses that monitor and blacklist IP traffic on the internet [i.e., SNORT.ORG<http://SNORT.ORG>]. EIA has no control over the addition/deletion of IP addresses from the aforementioned lists."
I have run multiple searches online to see if our public IP address is in any publicly available black list and cannot find it. The support tech at eia.gov has stated that our public IP is on a black list but I cannot confirm his statement. I understand that eia.gov will not want to tell me which product they are using for security, but that makes my ability to contact Internet security business that monitor and blacklist IP traffic difficult.
Doing more research, I have found a website where 3 other people have commented that since the beginning of April 2013, they have not been able to access the eia.gov website through their business network but could access it from home. My end users have told me that they have been unable to access eia.gov since the beginning of April.
While reading about snort.org and setting up the system, it appears that the blacklist file is user editable, but it is unclear if snort.org maintains a blacklist of IPs for subscribers. If that is the case, what services do users utilize to build their blacklist files?
Any useful help is greatly appreciated.
Senior Technical Engineer
Bill Barrett Corporation
1099 18th St Suite 2300
Denver, CO. 80202
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
Snort-users mailing list
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Please visit http://blog.snort.org to stay current on all the latest Snort news!