Hmm, did not know of that one, thanks for bringing that one up ;) I'll have a look at what's in that list and should probably block that too indeed.
I've set up Snort on the pfSense firewall, it does IPS as well that way.
73,
Ruben - ON3RVH
-----Original Message-----
From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Toussaint OTTAVI
Sent: Friday 25 May 2018 12:42
To: 44net@mailman.ampr.org
Subject: Re: [44net] VPNFilter Router Malware
Hi,
On 25/05/2018 at 10:31, Ruben ON3RVH wrote:
Opt-out forms are indeed a gigantic waste of time. That's been proven a lot. For a list of Shodan IPs that is maintained, you can check out https://isc.sans.edu/api/threatlist/shodan?json
Thank you, I didn't know that.
Is there any valuable reason not to block the whole ISC threatlist, instead of just shodan? (https://isc.sans.edu/api/threatlist?json)
-- I'm also thinking about integrating a Snort IPS on our gateway, but I didn't find the right way to do that yet.
73 de TK1BI