Sumber Senarai Domain Hasad

Some of the more popular sinkhole lists include (in no particular order):

• www.MalwareDomains.com
• www.Malware.com.br
• www.MalwareDomainList.com
• www.MalwareURL.com
• www.SomeoneWhoCares.org
• mtc.sri.com
• www.MVPs.org
• www.UrlBlacklist.com (not free)

ref:   https://www.sans.org/blog/windows-dns-server-sinkhole-domains-tool/

ja3

 https://idsips.files.wordpress.com/2020/05/suricata-and-tls.pdf

pf_ring

In using pf_ring, we get access to a feature set that lowers the hit to CPU, in a variety of ways (pre-process, post-process, aligning threads to rings/buffers from/to the NIC and its buffers). It can do this in other ways too, with more or less, two additional feature sets, Flow Table and Zero Copy. Both of these cost money. While I walk you through installing and setting up features that enable FT, I will be staying away from a ZC build here. The FT allows you to skip over large bandwidth traffic flows, ZC uses unique features of our different methods of transmitting network traffic, and optimizes the path around the Kernel to reduce the impact of some seriously heavy data (10G+). As ZC requires very specific NICs and even though one of them is available on ESXi 6.7u3 (e1000e)

 https://www.nova-labs.net/suricata-6-with-pf_ring-on-ubuntu-18-04/