Todo #15270
closed
ENUMER STUN
0%
Description
Hello,
Recently I reviewed my network activity and found a lot of requests to the file http://enumer.org/public-stun.txt, for example:
184.160.160.132 - - [19/Feb/2024:04:00:15 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-2ea9b19f46b866e4dccd"
24.54.167.22 - - [19/Feb/2024:04:00:15 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-9abe8c65abcd215e9a19"
95.215.198.214 - - [19/Feb/2024:04:00:15 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-8a97fd25f5903d1d1571"
152.117.99.111 - - [19/Feb/2024:04:00:16 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-504fcb8bf0cd037ad4cb"
185.196.123.62 - - [19/Feb/2024:04:00:17 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-fc02a9b426fd2ca918a6"
After a brief investigation I found this URL in your source code, with an hourly retrieval rate: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_feeds.json
I am OK with this activity, no complaints, etc. However, I would like to provide several notes:
1. I update this list ~annually, and there is no sense in fetching it hourly. I think a weekly or monthly fetch will be OK.
2. I am wondering why you included these legal STUN servers (used for VOIP) in a blacklist. I think these are not malicious sites (for example, Google is definitely non-malicious). Is there a real reason to do this?
3. If you would like, we can establish a collaboration between our projects. For instance, I can update this list more frequently. Or you can use our IT-infrastructural technologies in your project. I think we can establish a mutually beneficial collaboration.
I am open to constructive discussion.
Thanks in advance,
Oleg
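An added example, not part of the original report or of pfBlockerNG: one way a feed operator could measure how often each pfBlockerNG client fetches /public-stun.txt from access-log lines in the format quoted above. The sample log is constructed (documentation addresses, made-up agent suffixes), and treating the agent suffix as a stable per-install identifier is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Combined Log Format, matching the layout of the lines quoted in the ticket.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: the hex suffix after "agent-" stays the same for one install,
# so it is a better client key than the source address, which can change.
UA_RE = re.compile(r'^pfSense/pfBlockerNG cURL download agent-(?P<id>[0-9a-f]+)$')

# Constructed sample input; none of these lines come from the ticket.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Feb/2024:04:00:15 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-aaaaaaaaaaaaaaaaaaaa"
198.51.100.7 - - [19/Feb/2024:04:00:17 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-bbbbbbbbbbbbbbbbbbbb"
192.0.2.10 - - [19/Feb/2024:05:00:14 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-aaaaaaaaaaaaaaaaaaaa"
203.0.113.5 - - [19/Feb/2024:05:10:00 +0000] "GET /public-stun.txt HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Feb/2024:06:00:16 +0000] "HEAD /public-stun.txt HTTP/1.1" 200 0 "-" "pfSense/pfBlockerNG cURL download agent-aaaaaaaaaaaaaaaaaaaa"
"""

def fetch_cadence(log_text, path="/public-stun.txt"):
    """Return {agent_id: (request_count, median_gap_seconds or None)}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["path"] != path:
            continue  # unparseable line or a different resource
        ua = UA_RE.match(m["ua"])
        if not ua:
            continue  # not a pfBlockerNG download agent
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        seen[ua["id"]].append(ts)
    result = {}
    for agent, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        result[agent] = (len(stamps), median(gaps) if gaps else None)
    return result

if __name__ == "__main__":
    for agent, (count, gap) in sorted(fetch_cadence(SAMPLE_LOG).items()):
        print(f"agent-{agent}: {count} requests, median gap {gap} s")
```

A median gap near 3600 seconds for a client corresponds to the hourly retrieval described in the report; clients seen only once have no gap to report.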
Updated by Chris W about 1 month ago
- Status changed from New to Closed
That feed isn't enabled by default and we don't maintain it. The pfBlockerNG developer includes the ability to one-click add it but the list itself is provided by http://enumer.org. Questions about why certain servers are on their list should be directed to Enumer.