3.1.0_6 UPDATE
-
@keyser said in 3.1.0_6 UPDATE:
Rumors have it that it is Netgate that maintains this package now
FYI Netgate has a list: https://www.netgate.com/supported-pfsense-plus-packages
-
Note that pfBlockerNG and pfBlockerNG-devel are NOT the same package and are on different development tracks.
pfBlockerNG-devel will eventually replace pfBlockerNG but for now they're separate.
-
@keyser said in 3.1.0_6 UPDATE:
I wonder what's going on here… Rumors have it that it is Netgate that maintains this package now and @BBcan177 is no longer on board.
The thing about rumors... is that they're difficult to prove, or disprove.
TAC doesn't provide support for pfBlockerNG. BBcan is the maintainer. As I understood it BBcan was on paternity leave for the last few months.
What I can tell you is a colleague in TAC wrote a patch for the issue that was affecting logging (IIRC) and I think that's where people are thinking it's now a Netgate product. It was a patch, nothing more.
-
@rcoleman-netgate said in 3.1.0_6 UPDATE:
@keyser said in 3.1.0_6 UPDATE:
I wonder what's going on here… Rumors have it that it is Netgate that maintains this package now and @BBcan177 is no longer on board.
The thing about rumors... is that they're difficult to prove, or disprove.
TAC doesn't provide support for pfBlockerNG. BBcan is the maintainer. As I understood it BBcan was on paternity leave for the last few months.
What I can tell you is a colleague in TAC wrote a patch for the issue that was affecting logging (IIRC) and I think that's where people are thinking it's now a Netgate product. It was a patch, nothing more.
Plus he was very forthcoming about the issue and an upcoming patch and how to fix the issue beforehand...
-
@cloudified Never let a good theory get in the way of reality... :D
-
@bbcan177 Changing subject, "Thousands of GitHub repositories deliver fake PoC exploits with malware" found this on Bleeping Computer, some of the pfBlocker feeds are named in this article.
JMV
-
@jmv43-0 ??? I'm not aware of any IP or DNSBL list downloads from pfBlocker feeds which contain executable scripts. They're just lists of IPs, CIDRs, FQDNs to build lookup tables.
Do you have an example feed which contains a script?
-
https://twitter.com/BleepinComputer/status/1584202031044374528?t=0XBrpP3vz_7XvkMFnW4PcQ&s=19
"By looking closer into some of those cases, the researchers found a plethora of different malware and harmful scripts, ranging from remote access trojans to Cobalt Strike."
"IP address analysis: comparing the PoC's publisher IP to public blocklists"
So basically there are scripts and executables that were found in several GitHub repositories.
The researchers found that some of those malware IPs were matched in the public IP blocklists.
The best blocklists being hpHosts and Stop Forum Spam.
Tho hpHosts has been closed but I have been trying to get it back somewhat:
https://twitter.com/BBcan177/status/1582913688058855426?t=abL5y3qyGMikWZgRn7mbnw&s=19
-
And another reason why I resisted automatically unblocking any IPs of any feeds.
-
@bbcan177 Good idea. Making the same change now...
-
@lohphat Looking for a short and concise answer. Are they dangerous or not? I'm not a professional at this like some of you are.
JMV
-
@bbcan177 Thank you. I just needed to make sure it didn't somehow affect pfBlocker's feeds..
JMV
-
@bbcan177 said in 3.1.0_6 UPDATE:
And another reason why I resisted automatically unblocking any IPs of any feeds.
I don't get it, how would you automatically unblock IPs of some feed?
-
@pfsjap said in 3.1.0_6 UPDATE:
how would you automatically unblock IPs of some feed?
By using a built-in list called 'auto unblock' ;)
Now the question goes to 'why' - right ?
-
@gertjan I don't want to unblock IPs in a blocklist, I just can't see how that would even be possible.
I guess I could change the rule action from Reject to Pass, but 'Auto unblock'?
-
@pfsjap I was wondering this myself. Got confused with Suricata where this feature is an option.