Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    3.1.0_6 UPDATE

    Scheduled Pinned Locked Moved pfBlockerNG
    77 Posts 14 Posters 16.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • lohphatL
      lohphat @JMV43 0
      last edited by

      @jmv43-0 ??? I'm not aware of any IP or DNSBL list downloads from pfBlocker feeds which contain executable scripts. They're just lists of IPs, CIDRs, FQNDs to build lookup tables.

      Do you have an example feed which contains a script?

      SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

      J 1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator @JMV43 0
        last edited by

        @jmv43-0

        https://twitter.com/BleepinComputer/status/1584202031044374528?t=0XBrpP3vz_7XvkMFnW4PcQ&s=19

        "By looking closer into some of those cases, the researchers found a plethora of different malware and harmful scripts, ranging from remote access trojans to Cobalt Strike."

        "IP address analysis: comparing the PoC's publisher IP to public blocklists"

        So basically there are scripts and executables that were found in several Github repositories.

        The researchers found that some of those malware IPs were matched in the public IP blocklists.

        The best blocklists being hpHosts and Stop Forum Spam.

        Tho hpHosts has been closed but I have been trying to get it back some what:

        https://twitter.com/BBcan177/status/1582913688058855426?t=abL5y3qyGMikWZgRn7mbnw&s=19

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        BBcan177B J 2 Replies Last reply Reply Quote 2
        • BBcan177B
          BBcan177 Moderator @BBcan177
          last edited by BBcan177

          And another reason why I resisted to automatically unblock any IPs of any feeds.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          DefenderLLCD P 2 Replies Last reply Reply Quote 1
          • DefenderLLCD
            DefenderLLC @BBcan177
            last edited by

            @bbcan177 Good idea. Making the same change now...

            1 Reply Last reply Reply Quote 0
            • J
              JMV43 0 @lohphat
              last edited by

              @lohphat Looking for a short and concise answer. Are they dangerous or not? I'm not a professional at this like some of you are.

              JMV

              1 Reply Last reply Reply Quote 0
              • J
                JMV43 0 @BBcan177
                last edited by JMV43 0

                @bbcan177 Thank you. I just needed to make sure it didn't somehow affect pfBlocker's feeds..

                JMV

                1 Reply Last reply Reply Quote 0
                • P
                  pfsjap @BBcan177
                  last edited by

                  @bbcan177 said in 3.1.0_6 UPDATE:

                  And another reason why I resisted to automatically unblock any IPs of any feeds.

                  I don't get it, how would you automatically unblock IPs of some feed?

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @pfsjap
                    last edited by

                    @pfsjap said in 3.1.0_6 UPDATE:

                    how would you automatically unblock IPs of some feed?

                    By using a build in list called 'auto unblock' ;)

                    Now the question goes to 'why' - right ?

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      pfsjap @Gertjan
                      last edited by

                      @gertjan I don't want to unblock IPs in a blocklist, I just can't see how that would even be possible.
                      I guess I could change the rule action from Reject to Pass, but 'Auto unblock'?

                      DefenderLLCD 1 Reply Last reply Reply Quote 0
                      • DefenderLLCD
                        DefenderLLC @pfsjap
                        last edited by

                        @pfsjap I was wondering this myself. Got confused with Suricata where this feature is an option.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.