    maxmind.com blocked by QuidSup Trackers

    pfBlockerNG
    • Pucho
      Pucho last edited by

      Hello there,

      First of all, big thanks to BBCAN177 for this amazing package.

      So, I was looking at the dashboard and saw a couple of lists have failed to download. When I looked at the maxmind.com list I found out that it was getting blocked by

      [2.4.3-RELEASE][pucho@mydomain.com]/home/pucho: grep "maxmind" /var/db/pfblockerng/dnsbl/*
      /var/db/pfblockerng/dnsbl/Quidsup_Trackers.txt:local-data: "maxmind.com 60 IN A 10.10.10.1"
      

      So I browsed to their website and ran a search
      https://quidsup.net/notrack/blocklist.php?view=search

      Looking at the GitHub tracker.txt file, it seems to have been there for a while.

      I guess my question is, how do you guys handle these sorts of contradictions? How/where do you check that maxmind.com isn't really a bad domain? I ran checks on a couple of sites and it wasn't blocked, so I wonder if the following step would be to query the Quidsup guys for some feedback.

      Background: I had the stable version of pfblockerng running with custom lists I pulled from different posts on the internet and then moved to the dev version, which found several duplicated entries which I believe I removed to let pfblocker handle them all instead. I'm running pfsense 2.4.3 btw.

      Suggestions?

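The lookup from the post above, as an added example that is not part of the original thread: it reports which feed file lists a domain by matching the record's owner name exactly or as a parent domain, so unrelated names that merely contain the string are ignored. The function names, the sample file `Sample_Ads.txt`, the `.example` entries and the queried name `www.maxmind.com` are assumptions; whether a parent entry also affects subdomains depends on how the resolver loads the feed, which the thread does not cover.

```shell
#!/bin/sh
# Added example, not from the thread: list the DNSBL feed files that carry an
# entry for a domain, matching the owner name exactly or as a parent domain
# rather than by substring as a plain grep does.
# Assumption: feed files contain Unbound lines in the form shown in the post:
#   local-data: "maxmind.com 60 IN A 10.10.10.1"

dnsbl_which_feed() {
    domain=$1
    dir=${2:-/var/db/pfblockerng/dnsbl}   # directory from the post
    awk -v q="$domain" '
        BEGIN { q = tolower(q); sub(/\.$/, "", q) }   # normalise case, trailing dot
        /^local-data:/ {
            if (split($0, parts, "\"") < 3) next       # no quoted record
            n = split(parts[2], f, " ")
            if (n < 2) next
            name = tolower(f[1]); sub(/\.$/, "", name)
            if (name == q)
                kind = "exact"
            else if (length(q) > length(name) &&
                     substr(q, length(q) - length(name)) == "." name)
                kind = "parent"                        # an ancestor is listed
            else
                next                                   # substring-only hit: ignore
            file = FILENAME; sub(/.*\//, "", file)
            # feed file, match kind, listed name, sinkhole address
            printf "%s\t%s\t%s\t%s\n", file, kind, name, f[n]
        }
    ' "$dir"/*.txt
}

# Demo on constructed sample feeds (file contents are made up, apart from
# the maxmind.com line quoted in the post).
dnsbl_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'local-data: "maxmind.com 60 IN A 10.10.10.1"' \
                  'local-data: "notmaxmind.example 60 IN A 10.10.10.1"' \
        > "$tmp/Quidsup_Trackers.txt"
    printf '%s\n' 'local-data: "ads.example 60 IN A 10.10.10.1"' > "$tmp/Sample_Ads.txt"
    dnsbl_which_feed www.maxmind.com "$tmp"
    rm -rf "$tmp"
}

dnsbl_demo
```

On the firewall, `dnsbl_which_feed maxmind.com` searches the directory from the post by default.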
      • BBcan177
        BBcan177 Moderator last edited by

        @pucho said in maxmind.com blocked by QuidSup Trackers:

        First of all, big thanks to BBCAN177 for this amazing package.

        Thanks!

        grep "maxmind" /var/db/pfblockerng/dnsbl/*
        /var/db/pfblockerng/dnsbl/Quidsup_Trackers.txt:local-data: "maxmind.com 60 IN A 10.10.10.1"
        Looking at the GitHub tracker.txt file, it seems to have been there for a while.

        I posted an issue to their site:
        https://github.com/quidsup/notrack/issues/273

        I guess my question is, how do you guys handle these sorts of contradictions? How/where do you check that maxmind.com isn't really a bad domain? I ran checks on a couple of sites and it wasn't blocked, so I wonder if the following step would be to query the Quidsup guys for some feedback.

        In the Reports/Alerts tab, you can click on the ! icons to launch a Threat Lookup query. There are several options to choose from to do some investigation on the malicious nature of the blocked IPs/Domains.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • Pucho
          Pucho last edited by

          Great, thanks!

          Completely overlooked it. I'll have a look at the threat lookup thing.

          I won't hesitate in the future to open a GitHub issue with the maintainers if after some investigation it turns out to be a false positive.
