stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Test if the traffic generated by Slips is correctly whitelisted or not. #486

Open AlyaGomaa opened 6 months ago

AlyaGomaa commented 6 months ago

Created by Sebastian Garcia via monday.com integration. 🎉

eldraco commented 5 months ago

Thanks! Yes, the comment with the description was not moved from our internal system. Here is the data:

Slips. Version 1.0.12 (d697955f) https://stratosphereips.org/

macos m1 for p2p

```
- Detected DNS answer with a blacklisted IP: 46.101.206.53 for query: urlhaus-api.abuse.chAS: DIGITALOCEAN-ASN, US AS14061SNI: urlhaus-api.abuse.ch Description: IP is not expected be delivering unauthenticated SMTP email to any Internet mail server, such as dynamic and residential IP space. Source: PBL Spamhaus Maintained, spamhaus. threat level: medium.
```

This alert should not have happened, since that domain is whitelisted and the DNS query had it.

whitelist.conf

```
domain,urlhaus-api.abuse.ch,both,alerts
```

Same with
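To make the expected behaviour concrete, here is an added, hypothetical whitelist check (example code written for this discussion, not Slips' own implementation). It assumes the `whitelist.conf` columns are `type,value,direction,what_to_ignore` as in the line above, that a DNS answer alert carries the query name, the resolved IP and (optionally) the SNI, and that for a DNS answer the whitelisted domain sits on the destination side, so entries with direction `dst` or `both` apply. The sample alert is constructed from the values in the report.

```python
"""Hypothetical whitelist matching for DNS-answer alerts (not Slips code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class WhitelistEntry:
    kind: str        # assumed column 1: "domain" or "ip"
    value: str       # assumed column 2: the domain or IP to whitelist
    direction: str   # assumed column 3: "src", "dst" or "both"
    ignore: str      # assumed column 4: "alerts", "flows" or "both"


@dataclass
class DnsAlert:
    query: str            # DNS query name that produced the answer
    answer_ip: str        # resolved IP that hit the blacklist
    sni: Optional[str] = None


def parse_whitelist(text: str) -> List[WhitelistEntry]:
    """Parse whitelist.conf text; blank lines and '#' comments are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            raise ValueError(f"malformed whitelist line: {raw!r}")
        entries.append(WhitelistEntry(*parts))
    return entries


def domain_matches(pattern: str, name: str) -> bool:
    """Exact or parent-domain match, case-insensitive, trailing dot ignored."""
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    return name == pattern or name.endswith("." + pattern)


def is_whitelisted(alert: DnsAlert, entries: List[WhitelistEntry]) -> bool:
    """True when some entry says alerts about this DNS answer must be dropped."""
    for e in entries:
        if e.ignore not in ("alerts", "both"):
            continue  # entry only hides flows; alerts still fire
        if e.direction not in ("dst", "both"):
            continue  # assumption: resolved name is the destination side
        if e.kind == "domain":
            names = [alert.query] + ([alert.sni] if alert.sni else [])
            if any(domain_matches(e.value, n) for n in names):
                return True
        elif e.kind == "ip" and e.value == alert.answer_ip:
            return True
    return False


# Constructed sample data, taken from the values quoted in this issue.
WHITELIST_CONF = "domain,urlhaus-api.abuse.ch,both,alerts\n"
ISSUE_ALERT = DnsAlert(
    query="urlhaus-api.abuse.ch",
    answer_ip="46.101.206.53",
    sni="urlhaus-api.abuse.ch",
)


def check_issue_alert() -> bool:
    """Expected outcome for the alert in the report: it should be suppressed."""
    return is_whitelisted(ISSUE_ALERT, parse_whitelist(WHITELIST_CONF))


if __name__ == "__main__":
    print("suppressed:", check_issue_alert())
```

With the entry as written (`both,alerts`) the check returns True, so the alert should not have been raised; changing the last column to `flows` makes the same alert fire again, which is the distinction a regression test for this issue should exercise.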

AlyaGomaa commented 2 months ago

It doesn't matter which pcap; we can test with any pcap.