maxmind.com blocked by QuidSup Trackers



  • Hello there,

    First of all, big thanks to BBCAN177 for this amazing package.

    So, I was looking at the dashboard and saw a couple of lists have failed to download. When I looked at the maxmind.com list I found out that it was getting blocked by:

    [2.4.3-RELEASE][pucho@mydomain.com]/home/pucho: grep "maxmind" /var/db/pfblockerng/dnsbl/*
    /var/db/pfblockerng/dnsbl/Quidsup_Trackers.txt:local-data: "maxmind.com 60 IN A 10.10.10.1"
    

    So I browsed to their website and ran a search
    https://quidsup.net/notrack/blocklist.php?view=search

    Looking at the GitHub tracker.txt file, it seems to have been there for a while.

    I guess my question is, how do you guys handle this sort of contradiction? How/where do you check that maxmind.com isn't really a bad domain? I ran checks on a couple of sites and it wasn't blocked, so I wonder if the following step would be to query the Quidsup guys for some feedback.

    Background: I had the stable version of pfBlockerNG running with custom lists I pulled from different posts on the internet and then moved to the dev version, which found several duplicated entries which I believe I removed to let pfBlocker handle them all instead. I'm running pfSense 2.4.3 btw.

    Suggestions?


  • Moderator

    @pucho said in maxmind.com blocked by QuidSup Trackers:

    First of all, big thanks to BBCAN177 for this amazing package.

    Thanks!

    grep "maxmind" /var/db/pfblockerng/dnsbl/*
    /var/db/pfblockerng/dnsbl/Quidsup_Trackers.txt:local-data: "maxmind.com 60 IN A 10.10.10.1"
    Looking at the GitHub tracker.txt file, it seems to have been there for a while.

    I posted an issue to their site:
    https://github.com/quidsup/notrack/issues/273

    I guess my question is, how do you guys handle this sort of contradiction? How/where do you check that maxmind.com isn't really a bad domain? I ran checks on a couple of sites and it wasn't blocked, so I wonder if the following step would be to query the Quidsup guys for some feedback.

    In the Reports/Alerts tab, you can click on the ! icons to launch a Threat Lookup query. There are several options to choose from to do some investigation on the malicious nature of the blocked IPs/Domains.



  • Great, thanks!

    Completely overlooked it. I'll have a look at the Threat Lookup thing.

    I won't hesitate in the future to open a GitHub issue with the maintainers if after some investigation it turns out to be a false positive.
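
A cross-check for the situation in the first post, where a list fails to download because its source domain is sinkholed by another DNSBL feed (added example, not part of the thread or of pfBlockerNG). It parses the `local-data` lines shown in the grep output; the function names are hypothetical, and the feed names, URLs and file contents in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Unbound line format from the grep output in the thread:
#   local-data: "maxmind.com 60 IN A 10.10.10.1"
LOCAL_DATA = re.compile(r'^local-data:\s*"(\S+)\s+\d+\s+IN\s+A\s+\S+"')

def load_dnsbl(dnsbl_dir):
    """Map each sinkholed domain to the set of feed files that list it."""
    blocked = {}
    for path in sorted(Path(dnsbl_dir).glob("*.txt")):
        for line in path.read_text(errors="replace").splitlines():
            m = LOCAL_DATA.match(line.strip())
            if m:
                domain = m.group(1).lower().rstrip(".")
                blocked.setdefault(domain, set()).add(path.stem)
    return blocked

def self_blocked_feeds(feed_urls, blocked):
    """Return {feed: (host, listed domain, [DNSBL files])} for each feed whose
    download host, or a parent domain of it, appears in a DNSBL file."""
    hits = {}
    for name, url in feed_urls.items():
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        labels = host.split(".")
        # Try the host itself first, then each parent with at least two labels.
        # A parent-only hit is a lead to investigate, not proof of a block.
        for i in range(max(len(labels) - 1, 1)):
            candidate = ".".join(labels[i:])
            if candidate in blocked:
                hits[name] = (host, candidate, sorted(blocked[candidate]))
                break
    return hits

def demo():
    """Run the check on constructed feed files and constructed feed URLs."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Quidsup_Trackers.txt").write_text(
            'local-data: "maxmind.com 60 IN A 10.10.10.1"\n'
            'local-data: "tracker.example 60 IN A 10.10.10.1"\n')
        feeds = {"GeoIP": "https://maxmind.com/constructed/geoip.tar.gz",
                 "CDN_List": "https://cdn.tracker.example/list.txt",
                 "Clean_List": "https://lists.example.org/hosts.txt"}
        return self_blocked_feeds(feeds, load_dnsbl(d))

if __name__ == "__main__":
    print(demo())
```

On a firewall, `load_dnsbl` would be pointed at `/var/db/pfblockerng/dnsbl` and `feed_urls` filled in by hand from the configured list sources.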