Snort - reverse DNS on blocked IPs?



  • Is it possible to add reverse DNS to Snort so that blocked IPs are looked up? Similar to how Sarg works for web reporting? I constantly find myself trying to access sites (i.e. iTunes stores) only to find I'm blocked and cannot quickly identify which IP address listed is the one that I need to whitelist. Instead I end up clearing all blocked IPs, which resolves the issue until the same site is blocked minutes or hours later.

    If anyone can share their best practices, it would be much appreciated.  Thanks.

