Netgate Discussion Forum

    PfBlockerng Dlevel

    pfBlockerNG
    12 Posts 6 Posters 1.5k Views
    • abidkhanhk @NogBadTheBad

      @NogBadTheBad
      Yep that's already done, it's just that the DNSBL is not picking up those specific ads.
      So maybe there's a specific URL that needs to be blacklisted.
      I was wondering if there's some way to monitor the TV IP's traffic and then watch the URLs that it accesses and then blacklist those accordingly?
      Thanks

      • NogBadTheBad

        @abidkhanhk said in PfBlockerng Dlevel:

        was wondering if there's someway to monitor the TV ips traffic and then watch t

        You maybe could use GEOIP to block China via an alias if all the ads are coming from China:-

        Screenshot 2019-10-24 at 13.57.10.png

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • abidkhanhk @NogBadTheBad

          @NogBadTheBad
          Thanks
          Let me give that a try
          Cheers

          • abidkhanhk @NogBadTheBad

            @NogBadTheBad
            Hi, did the GeoIP block and it seems Chinese IPs are not being blocked. Apart from this, I noticed that the logs mentioned something like

            [ DNSBL_Malicious - ISC_SDL ] Download Fail [ 10/23/19 23:43:44 ]
            Firewall and/or IDS (Legacy mode only) are not blocking download.
            . unknown http status code | 0

            [ DNSBL_Malicious - Spam404 ] Download Fail [ 10/27/19 00:03:59 ]
            [ raw.githubusercontent.com ] Domain listed in DNSBL

            These 2 lists fail every time, I have set them to update every day at a 12 hour interval.

            • NogBadTheBad

              Looks like they are back working, sometimes the feed maintainer does something that causes the feeds to fail.

              Easiest thing to do is see if you can download them manually.

              Go into the Malicious collection and then copy the URL and paste it into another web browser tab.

              https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt

              https://isc.sans.edu/feeds/suspiciousdomains_High.txt

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
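
Added example (not part of the thread, and not pfBlockerNG code): a small parser for the Download Fail entries quoted earlier in this thread. It separates feeds whose download host is itself reported as listed in DNSBL from feeds that only report an HTTP status. The sample text reproduces the two quoted entries; the cause labels and function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the thread, same layout.
SAMPLE_LOG = """\
[ DNSBL_Malicious - ISC_SDL ] Download Fail [ 10/23/19 23:43:44 ]
Firewall and/or IDS (Legacy mode only) are not blocking download.
. unknown http status code | 0

[ DNSBL_Malicious - Spam404 ] Download Fail [ 10/27/19 00:03:59 ]
[ raw.githubusercontent.com ] Domain listed in DNSBL
"""

HEADER = re.compile(r"^\[ (?P<group>\S+) - (?P<feed>\S+) \] Download Fail \[ (?P<when>[^\]]+?) \]$")
SELF_BLOCKED = re.compile(r"^\[ (?P<host>[^\]\s]+) \] Domain listed in DNSBL$")
HTTP_STATUS = re.compile(r"http status code \| (?P<code>\d+)")


def parse_download_failures(text):
    """Return one dict per 'Download Fail' entry with a coarse cause label."""
    failures, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), cause="unknown", detail=None)
            failures.append(current)
            continue
        if current is None or not line:
            continue
        m = SELF_BLOCKED.match(line)
        if m:
            # The log names the feed's own download host as DNSBL-listed.
            current.update(cause="host_in_dnsbl", detail=m["host"])
            continue
        m = HTTP_STATUS.search(line)
        if m and current["cause"] == "unknown":
            current.update(cause="http_status", detail=int(m["code"]))
    return failures


def hosts_to_review(failures):
    """Map each DNSBL-listed download host to the feeds that depend on it."""
    by_host = defaultdict(list)
    for f in failures:
        if f["cause"] == "host_in_dnsbl":
            by_host[f["detail"]].append(f["feed"])
    return dict(by_host)
```

A host returned by `hosts_to_review` is one to check against the enabled DNSBL feeds and the whitelist before retrying the update.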

              • abidkhanhk @NogBadTheBad

                @NogBadTheBad Thanks, I will try that today.
                Cheers

                • durianbusuk

                  Try these blocklists for Chinese ad servers:

                  https://raw.githubusercontent.com/vokins/yhosts/master/hosts.txt
                  http://tools.yiclear.com/ChinaList2.0.txt

                  Alternatively, go to filterlists.com and search for some Chinese blocklists.

                  Chinese ad servers are named very differently compared to others so you need specific blocklists.

                  Or, if you're after a one-size-fits-most solution, use: https://dbl.oisd.nl/

                  Personal experience has very no false positives on the sites I visit, lots of false positives in Chinese blogging sites but it'll work well in your use case.

                  Wanna take it a step further? Add those lists above and turn on TLD. For some strange reason, this speeds up pfblocker too (for me anyway), HP T620 plus with 16GB RAM.

                  • chrisgtl @durianbusuk

                    @durianbusuk

                    How do I add https://dbl.oisd.nl/ ?

                    After I add it and update my lists it doesn't appear on the log.

                    • Gertjan

                      Be careful with this list.
                      It contains 870 thousand domain names. It's huge.

                      That will put a load on any router, even when it's driven by a "the latest and greatest AMD/Intel" CPU.
                      8 or even 16 Gbytes of memory becomes a bare minimum.
                      If you use DNSBL => TLD, see minimum memory constraints.
                      The resolver, unbound, has to maintain a huge internal DNS cache ..... and every DNS request will get compared with this list.
                      Do NOT try to download this list every 10 minutes or so ....

                      Btw : it might be advisable not to visit Chinese sites, or visit sites that link back to these sites, and: you won't be needing this list.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      • Rico LAYER 8 Rebel Alliance

                        Here is the OISD light version: https://dbl.oisd.nl/light/

                        -Rico
