ISC_1000_30 added Google DNS 8.8.8.8
-
https://isc.sans.edu/api/sources/attacks/1000/30?text[443] => Array ( [ip] => 008.008.008.008 [attacks] => 149 [count] => 18441 [firstseen] => 2020-09-10 [lastseen] => 2020-09-20 )Just in case someone is wondering... ;-)
-Rico
-
Well this explains a lot. I noticed that my machine suddenly stopped working on 8.8.8.8.
Where in pfBlockerNG should I list it to overide the block. I want something that survives updates and reloads.
Been a little while since I set this up.
-
Sorry to rejoin the Party a little bit late again. ;-)
You can use Firewall > pfBlockerNG > IP > IPv4 Suppression
Personally I completely removed ISC_1000_30_v4 and BBC_C2_v4 ...very tired of all the false positives, felt as they build their lists just random.-Rico
-
@Phizix I realize this is late, but you could add the whitelist at https://public-dns.info/nameservers.txt to whitelist all DNS servers.
Someone on this list also submitted the IP of a Windows Update server to the blacklist. BBCan suggested importing a JSON list from Microsoft (https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) which Microsoft updates regularly to whitelist all of their IPs (yes, I use Windows).
-
Thanks I like the idea of puutin win update or global dns on a whitelist
Havnt come to my mind just yet
Thx
