Pfblockerng blocking googledns despite it wasn't in a list…

pfBlockerNG
Log in to reply
  • M

    I had some… odd results from one of my lists in pfblockerng

    I was using this list:
    https://isc.sans.edu/api/sources/attacks/10000

    It contains 1 month of information
    <lastseen>2017-04-04</lastseen> is the oldest last seen date, so it's not like the information just fell off.

    pfblockerng was blocking googledns , from this list, except 8.8.8.8 which is blocked, wasn't in the list at all!

    I have it on an hourly cron update for both the list, and general cron.

    See attached image:

    ![googledns pfblocker.png](/public/imported_attachments/1/googledns pfblocker.png)
    ![googledns pfblocker.png_thumb](/public/imported_attachments/1/googledns pfblocker.png_thumb)

    0
  • BBcan177
    Moderator

    Run the following command to see which feed contains that IP:

    grep "8.8.8.8" /var/db/pfblockerng/deny/*

    If you enable the suppression feature, it will add a "+" icon in the Alerts tab which can be used to suppress this IP. This IP shouldn't be listed in any feed, so once you find out which feed listed that IP, you may want to report it to the feed maintainer.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy