Hmm did not know of that one, thanks for bringing that one up ;)
I'll have a look at what's in that list and should probably block that too indeed
I've set up Snort on the pfSense firewall, it does IPS as well that way
73,
Ruben - ON3RVH
-----Original Message-----
From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Toussaint OTTAVI
Sent: Friday 25 May 2018 12:42
To: 44net(a)mailman.ampr.org
Subject: Re: [44net] VPNFilter Router Malware
Hi,
On 25/05/2018 at 10:31, Ruben ON3RVH wrote:
Opt-out forms are indeed a gigantic waste of time.
That's been proven a lot.
For a list of Shodan IPs that is maintained, you can check
out https://isc.sans.edu/api/threatlist/shodan?json
Thank you, I didn't know that.
Is there any valuable reason not to block the whole ISC threatlist, instead of just Shodan?
(https://isc.sans.edu/api/threatlist?json)
--
I'm also thinking about integrating a Snort IPS on our gateway, but I didn't find
the right way to do that yet.
73 de TK1BI