Netgate Discussion Forum

    3.1.0_6 UPDATE

    • lohphat @JMV43 0

      @jmv43-0 ??? I'm not aware of any IP or DNSBL list downloads from pfBlocker feeds which contain executable scripts. They're just lists of IPs, CIDRs, FQDNs to build lookup tables.

      Do you have an example feed which contains a script?

      SG-3100 25.07-RELEASE (arm) | Avahi (2.2_7) | ntopng (6.2.0) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.7) | System_Patches (2.2.21_2)

      • BBcan177 Moderator @JMV43 0

        @jmv43-0

        https://twitter.com/BleepinComputer/status/1584202031044374528?t=0XBrpP3vz_7XvkMFnW4PcQ&s=19

        "By looking closer into some of those cases, the researchers found a plethora of different malware and harmful scripts, ranging from remote access trojans to Cobalt Strike."

        "IP address analysis: comparing the PoC's publisher IP to public blocklists"

        So basically there are scripts and executables that were found in several GitHub repositories.

        The researchers found that some of those malware IPs were matched in the public IP blocklists.

        The best blocklists being hpHosts and Stop Forum Spam.

        Tho hpHosts has been closed, but I have been trying to get it back somewhat:

        https://twitter.com/BBcan177/status/1582913688058855426?t=abL5y3qyGMikWZgRn7mbnw&s=19

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • BBcan177 Moderator @BBcan177

          And another reason why I resisted automatically unblocking any IPs of any feeds.

          • DefenderLLC @BBcan177

            @bbcan177 Good idea. Making the same change now...

            • JMV43 0 @lohphat

              @lohphat Looking for a short and concise answer. Are they dangerous or not? I'm not a professional at this like some of you are.

              JMV

              • JMV43 0 @BBcan177

                @bbcan177 Thank you. I just needed to make sure it didn't somehow affect pfBlocker's feeds.

                JMV

                • pfsjap @BBcan177

                  @bbcan177 said in 3.1.0_6 UPDATE:

                  And another reason why I resisted automatically unblocking any IPs of any feeds.

                  I don't get it, how would you automatically unblock IPs of some feed?

                  • Gertjan @pfsjap

                    @pfsjap said in 3.1.0_6 UPDATE:

                    how would you automatically unblock IPs of some feed?

                    By using a built-in list called 'auto unblock' ;)

                    Now the question goes to 'why' - right?

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    • pfsjap @Gertjan

                      @gertjan I don't want to unblock IPs in a blocklist, I just can't see how that would even be possible.
                      I guess I could change the rule action from Reject to Pass, but 'Auto unblock'?

                      • DefenderLLC @pfsjap

                        @pfsjap I was wondering this myself. Got confused with Suricata where this feature is an option.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.