stamparm / maltrail

Malicious traffic detection system
MIT License
6.48k stars 1.08k forks

No such domain issue #56

Closed DigiAngel closed 8 years ago

DigiAngel commented 8 years ago

So we are using bro-ids on the same machine as maltrail. Bro-ids does hash checks at berkeley.edu and cymru.com as shown below:

d738bb422e540fa71380bd7f53a48465be94f397.malware.hash.cymru.com
fad82312c04d92675406d191ea09a910f8ed1154.notary.icsi.berkeley.edu

I just upgraded this morning. I have no hits for "berkeley.edu" yesterday, but after upgrading I see a lot of these as: consonant threshold no such domain (suspicious)

I have the below in my whitelist, which was working before, but after upgrading it is not:

USER_WHITELIST 127.0.0.1,localhost,72.21.81.200,cymru.com,berkeley.edu,72.21.81.253,72.21.91.8,33438,33439,33440,33441,33442,33443,33444,digicert.com,globalsign.net

I have the old version tar'd up in case you might want to look at that. Thank you.

DigiAngel commented 8 years ago

[screenshot: maltrail, 2016-01-14] [screenshot: maltrail, 2016-01-15]

The screenshot from the 14th shows no berkeley hits, though yesterday there were 2666 requests, so yesterday's version of maltrail was successfully whitelisting these. The screenshot from today is for the last hour. Thank you.

DigiAngel commented 8 years ago

Confirming that after rolling back to the older version of maltrail I no longer see berkeley or cymru hits getting captured by the sensor.

stamparm commented 8 years ago

This should have been fixed a couple of months ago.
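The regression described in this thread is a whitelist that stopped covering hosts under a whitelisted parent domain, so hash-lookup queries such as `<sha1>.malware.hash.cymru.com` reached the "consonant threshold no such domain" heuristic. The following is an added example, not maltrail's own code, showing the check order a sensor needs: parse the `USER_WHITELIST` string, apply a suffix match on the domain entries first, and only then run an NXDOMAIN-plus-consonant-run heuristic on the leftmost label. The consonant-run threshold, the digit-stripping rule, the `classify` function name and the `example.net` hostnames are assumptions chosen for illustration; the whitelist string is copied from the issue, and the numeric entries in it are kept as-is because the page does not say what they mean.

```python
import ipaddress
import re

# DNS RCODE 3 = NXDOMAIN ("no such domain").
NXDOMAIN = 3

# Assumed threshold for this example; not maltrail's real value.
CONSONANT_RUN_THRESHOLD = 5
_CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]+")

# Whitelist string copied from the issue above.
USER_WHITELIST = (
    "127.0.0.1,localhost,72.21.81.200,cymru.com,berkeley.edu,72.21.81.253,"
    "72.21.91.8,33438,33439,33440,33441,33442,33443,33444,digicert.com,globalsign.net"
)


def parse_whitelist(value):
    """Split a comma-separated whitelist into (ips, domains, other).

    IP literals go to `ips`, purely numeric entries (meaning not shown on the
    page) go to `other`, everything else is treated as a domain suffix.
    """
    ips, domains, other = set(), set(), set()
    for item in value.split(","):
        item = item.strip().lower()
        if not item:
            continue
        try:
            ipaddress.ip_address(item)
            ips.add(item)
            continue
        except ValueError:
            pass
        if item.isdigit():
            other.add(item)
            continue
        domains.add(item.rstrip("."))
    return ips, domains, other


def domain_whitelisted(qname, domains):
    """True if qname equals a whitelisted domain or is a subdomain of one.

    The leading dot in the endswith() check keeps 'notberkeley.edu' from
    matching a 'berkeley.edu' entry.
    """
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)


def longest_consonant_run(label):
    """Longest run of consecutive consonant letters after dropping digits.

    Dropping digits is an assumption for this example so that hex-encoded
    hash labels are judged on their letters alone.
    """
    letters = re.sub(r"[^a-z]", "", label.lower())
    runs = _CONSONANT_RUN.findall(letters)
    return max((len(r) for r in runs), default=0)


def classify(qname, rcode, domains):
    """Return a detection string for a DNS event, or None.

    Whitelist first, heuristics second: a whitelisted parent domain must
    short-circuit every later check, which is the behaviour the reporter lost.
    """
    if domain_whitelisted(qname, domains):
        return None
    if rcode != NXDOMAIN:
        return None
    leftmost = qname.split(".")[0]
    if longest_consonant_run(leftmost) >= CONSONANT_RUN_THRESHOLD:
        return "consonant threshold no such domain (suspicious)"
    return None


if __name__ == "__main__":
    _, wl_domains, _ = parse_whitelist(USER_WHITELIST)
    # Real lookup name from the issue: must be suppressed by the cymru.com entry.
    print(classify("d738bb422e540fa71380bd7f53a48465be94f397.malware.hash.cymru.com",
                   NXDOMAIN, wl_domains))
    # Constructed, non-whitelisted consonant-heavy label that got NXDOMAIN.
    print(classify("xkcdfqzvbn.example.net", NXDOMAIN, wl_domains))
```

A regression test for the bug in this thread is the first assertion below: a whitelisted parent domain must suppress the detection for any host beneath it, regardless of how the leftmost label scores.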