ETPro and ET Intelligence download servers will be migrating to AWS
-
Dear ETPro and ET Intelligence Community,
As part of our ongoing work to improve our infrastructure, we will be migrating our Rule Download infrastructure for ETOpen, ETPro and ET Intelligence Replist to a more robust, globally distributed implementation. For most users, no action will be required to take advantage of these improvements.
What Changing?:
We will be migrating the Download Servers (rules.emergingthreats.net and rules.emergingthreatspro.com) from a hosted implementation to a globally distributed implementation.
The IP Addresses of the download servers will be migrating to AWS IP: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.htmlWhen are the changes taking place?
Announcement: 6/9/2020
Initial Cutover: 7/9/2020
We will be migrating the traffic with a increasing % every day between 7/9/2020-7/22/2020
Completion: 7/23/2020
Old rule servers will be retired and no longer accessible. -
Snort and Suricata both use the rules.emergingthreats.net and rules.emergingthreatspro.com URLs for downloading ET rules, so there should be no impact. They are not using any hard-coded IP addresses.
However, users running other packages with large IP blocklists (in particular pfBlockerNG or pfBlockerNG-devel) will need to scour the IP lists being used by that package to be sure the AWS infrastructure IP ranges that get assigned to Emerging Threats are not on a block list. Some of those lists can be overly broad at times and block legitimate traffic.
