ISC_1000_30 added Google DNS 8.8.8.8

Rico

https://isc.sans.edu/api/sources/attacks/1000/30?text

    [443] => Array
        (
            [ip] => 008.008.008.008
            [attacks] => 149
            [count] => 18441
            [firstseen] => 2020-09-10
            [lastseen] => 2020-09-20
        )

Just in case someone is wondering... ;-)

-Rico

Phizix

Well this explains a lot. I noticed that my machine suddenly stopped working on 8.8.8.8.

Where in pfBlockerNG should I list it to overide the block. I want something that survives updates and reloads.

Been a little while since I set this up.

Rico

Sorry to rejoin the Party a little bit late again. ;-)
You can use Firewall > pfBlockerNG > IP > IPv4 Suppression
Personally I completely removed ISC_1000_30_v4 and BBC_C2_v4 ...very tired of all the false positives, felt as they build their lists just random.

-Rico

Draco

@Phizix I realize this is late, but you could add the whitelist at https://public-dns.info/nameservers.txt to whitelist all DNS servers.

Someone on this list also submitted the IP of a Windows Update server to the blacklist. BBCan suggested importing a JSON list from Microsoft (https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) which Microsoft updates regularly to whitelist all of their IPs (yes, I use Windows).

noplan

@Draco

Thanks I like the idea of puutin win update or global dns on a whitelist
Havnt come to my mind just yet
Thx