Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Can I use Malware Filter Lists in pfBlockerNG that contain only IP address

    pfBlockerNG
    5
    11
    2147
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Xentrk
      Xentrk last edited by

      These files contain IP address of sites that spread malware. The format of the files contains IP address and does not have the 127.0.0.1 ip in front of them.  Is there a way for pfBlockerNG to use lists with this type of format?

      https://gitlab.com/swe_toast/malware-filter/raw/master/malware-filter.list

      http://cinsscore.com/list/ci-badguys.txt
      http://malc0de.com/bl/IP_Blacklist.txt
      http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt
      http://www.abuseat.org/iotcc.txt
      http://www.malwaredomainlist.com/hostslist/ip.txt
      https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
      https://lists.blocklist.de/lists/bots.txt
      https://lists.blocklist.de/lists/ssh.txt
      https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt
      https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt
      https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
      https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt
      https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt
      https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt
      https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
      https://zeustracker.abuse.ch/blocklist.php?download=badips

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        IPv4/6 lists can be added to the IPv4/6 tabs respectively.  Domain based lists can be added to the DNSBL feeds tab. All the lists above are usable in the pkg.

        1 Reply Last reply Reply Quote 0
        • Xentrk
          Xentrk last edited by

          @BBcan177:

          IPv4/6 lists can be added to the IPv4/6 tabs respectively.  Domain based lists can be added to the DNSBL feeds tab. All the lists above are usable in the pkg.

          Thank you @BBcan177.  Doing as you suggest is the solution. I ran the update to confirm. Thanks for the help and for developing the great package pfBlockerNG!

          1 Reply Last reply Reply Quote 0
          • M
            moscato359 last edited by

            Instead of that pile of ransomeware lists, have you considered the combined one?

            https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt

            https://ransomwaretracker.abuse.ch/blocklist/ has the details

            It contains TC_PS_IPBL, LY_C2_IPBL, TL_C2_IPBL, TL_PS_IPBL, CB_PS_IPBL

            1 Reply Last reply Reply Quote 0
            • Xentrk
              Xentrk last edited by

              Thanks for the suggestion. I am always looking for better ways!  :)

              1 Reply Last reply Reply Quote 0
              • Qinn
                Qinn last edited by

                I get a  error on https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt in IPv4  anyone any suggestions?

                [ RW_IPBL ] Downloading update . cURL Error: 35
                OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ransomwaretracker.abuse.ch:443  Retry in 5 seconds…
                . cURL Error: 35

                Cheers Qinn

                1 Reply Last reply Reply Quote 0
                • F
                  f34rinc last edited by

                  @Qinn:

                  I get a  error on  cURL Error: 35 OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ransomwaretracker.abuse.ch:443  Retry in 5 seconds…

                  Can you change the format type to AUTO and try again

                  ![2017-06-14 11_46_22.png](/public/imported_attachments/1/2017-06-14 11_46_22.png)
                  ![2017-06-14 11_46_22.png_thumb](/public/imported_attachments/1/2017-06-14 11_46_22.png_thumb)

                  1 Reply Last reply Reply Quote 0
                  • Qinn
                    Qinn last edited by

                    Thanks for your reply, but it  was on "Auto" when the error was created, so no hopes there I am afraid.

                    Cheers Qinn

                    1 Reply Last reply Reply Quote 0
                    • BBcan177
                      BBcan177 Moderator last edited by

                      That URL seems to be ok?

                      curl -sI https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt

                      HTTP/1.1 200 OK
                      Date: Thu, 15 Jun 2017 03:17:16 GMT
                      Server: Apache/2
                      Strict-Transport-Security: max-age=15768000 ; includeSubDomains
                      Last-Modified: Thu, 15 Jun 2017 03:15:02 GMT
                      ETag: "2907a-551f7131791fa"
                      Accept-Ranges: bytes
                      Content-Length: 168058
                      Cache-Control: max-age=300
                      Expires: Thu, 15 Jun 2017 03:22:16 GMT
                      X-Content-Type-Options: nosniff
                      X-XSS-Protection: 1; mode=block
                      X-Frame-Options: sameorigin
                      Content-Type: text/plain

                      When you use "Auto" it will use TLS to connect to the Feed…  Do you have a proxy that might be causing issues?

                      1 Reply Last reply Reply Quote 0
                      • Xentrk
                        Xentrk last edited by

                        @Qinn:

                        I get a  error on https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt in IPv4  anyone any suggestions?

                        [ RW_IPBL ] Downloading update . cURL Error: 35
                        OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ransomwaretracker.abuse.ch:443  Retry in 5 seconds…
                        . cURL Error: 35

                        Cheers Qinn

                        I got around to updating my list and the URL worked for me. I used Auto, On, https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt and rwipbl for the field values.  Did you try going to the url in the browser?

                        1 Reply Last reply Reply Quote 0
                        • Qinn
                          Qinn last edited by

                          Suddenly it works  :o even with RW_IPBL?

                          Thanks for all reply's

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post

                          Products

                          • Platform Overview
                          • TNSR
                          • pfSense
                          • Appliances

                          Services

                          • Training
                          • Professional Services

                          Support

                          • Subscription Plans
                          • Contact Support
                          • Product Lifecycle
                          • Documentation

                          News

                          • Media Coverage
                          • Press
                          • Events

                          Resources

                          • Blog
                          • FAQ
                          • Find a Partner
                          • Resource Library
                          • Security Information

                          Company

                          • About Us
                          • Careers
                          • Partners
                          • Contact Us
                          • Legal
                          Our Mission

                          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                          Subscribe to our Newsletter

                          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                          © 2021 Rubicon Communications, LLC | Privacy Policy