Skip Navigation
lemmy.ml meta @lemmy.ml jherazob @beehaw.org

SNORT has a rule against .ml domains

snort.org Snort - Rule Docs

Snort - Individual SID documentation for Snort rules

Was looking for something else and noticed that SNORT has an explicit rule against .ml domains, automatically flags any DNS query for a .ml domain as "suspicious malware activity". I know that Meraki by default takes these kinds of rules as "Block this", and likely other corporate appliances, so there might be people unable to reach lemmy.ml through them. I imagine there's not many but hey :) The site mentions "No reported false positives" for the rule, might be a good idea to register at least one :)

2

You're viewing a single thread.

2 comments
  • What is this Snort and who is using it? Never heard of Meraki either. Anyway people who are affected by that can just sign up on another instance. And changing domains is not possible with federation.

    • Snort is intrusion detection software that commonly runs on corporate firewalls.
      Meraki are corporate WiFi systems made by Cisco.
      So basically potentially affecting anyone accessing through work resources.