Project

General

Profile

Actions
Copy link

Bug #10930

closed

Wrong blocklist from dshield.org

Added by Johannes Ullrich over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Renato Botelho
Category:
pfBlockerNG
Target version:
-
Start date:
09/24/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

The current configuration uses the wrong blocklist from dshield.org (https://isc.sans.edu/api/sources/attacks/1000/30?text ). This list, as the header at top points out, is not to be used as a blocklist and contains often IPs like 8.8.8.8.

The only blocklist published by DShield is dshield.org/block.txt

.

Actions
Copy link
 #1

Updated by Johannes Ullrich over 3 years ago

also, https://feeds.dshield.org/top10-2.txt is mentioned in the documentation, which is not a block list.

Actions
Copy link
 #3

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #4

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions
Copy link
 #5

Updated by Jordan G over 3 years ago

  • Status changed from Feedback to Resolved

test on new pfblockerng-devel pkg install on 2.4.5p1 and 2.5.0-DEVELOPMENT (arm)built on Wed Sep 30 18:54:01 EDT 2020

Feed lists only included dshield.org/block.txt instead of 30day, 60day, 90 etc... ISC lists

Actions
Copy link

Also available in: Atom PDF