Under attack, anything I should do?
-
@BBcan177 yeah I deleted it, says empty file in the output, but no info added other than the place holder.
-
you could also just take the exact call I provided and ssh in the device, paste it and watch the terminal window fill with json return, (or perhaps you might see some other error ?)
prompt: /usr/local/bin/curl -A "pfSense/pfBNG cURL download agent-60835222024" -sS1 https://api.bgpview.io/asn/109/prefixes {"status":"ok","status_message":"Query was successful","data":{"ipv4_prefixes":[{"prefix":"12.5.186.0\/23","ip":"12.5.186.0","cidr":23,"roa_status":"None","name":"CISCO-SY729-186","description":"CISCO SYSTEMS","country_code":"US","parent":{"prefix":"12.0.0.0\/8","ip":"12.0.0.0","cidr":8,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"12.19.88.0\/21","ip":"12.19.88.0","cidr":21,"roa_status":"None","name":"CISCO-SY558-88","description":"CISCO SYSTEMS INC","country_code":"US","parent":{"prefix":"12.0.0.0\/8","ip":"12.0.0.0","cidr":8,"rir_name":"ARIN","allocation_stat
-
@johnpoz said in Under attack, anything I should do?:
And where in pfblocker would I put this token? I am not seeing it in any of the pfblocker settings, I have my maxmind token setup.
The link was to see info from @BBcan177 discussing the issue with BGPview.io, and the potential solutions being explored.
Using IPinfo, which requires registration and a token like Maxmind does, is one of the solutions he is exploring. He is working on an experimental implementation of IPinfo, which would potentially be used in a future version of pfBlocker. As the work is experimental and unreleased, you won't find a place to enter the token yet.
[Edit: This is what I get for reading/responding to posts in order. Sorry @BBcan177, I hadn't noticed that you had stepped in and posted.]
-
Yeah that seems to work fine
[24.03-RELEASE][admin@sg4860.home.arpa]/: /usr/local/bin/curl -A "pfSense/pfBNG cURL download agent-60835222024" -sS1 https://api.bgpview.io/asn/109/prefixes {"status":"ok","status_message":"Query was successful","data":{"ipv4_prefixes":[{"prefix":"12.5.186.0\/23","ip":"12.5.186.0","cidr":23,"roa_status":"None","name":"CISCO-SY729-186","description":"CISCO SYSTEMS","country_code":"US","parent":{"prefix":"12.0.0.0\/8","ip":"12.0.0.0","cidr":8,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"12.19.88.0\/21","ip":"12.19.88.0","cidr":21,"roa_status":"None","name":"CISCO-SY558-88","description":"CISCO SYSTEMS INC","country_code":"US","parent":{"prefix":"12.0.0.0\/8","ip":"12.0.0.0","cidr":8,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"12.159.148.0\/22","ip":"12.159.148.0","cidr":22,"roa_status":"Valid","name":"NET12","description":"American Registry for Internet Numbers","country_code":"US","parent":{"prefix":"12.0.0.0\/8","ip":"12.0.0.0","cidr":8,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"64.100.0.0\/16","ip":"64.100.0.0","cidr":16,"roa_status":"Valid","name":"CISCO-GEN-6","description":"Cisco Systems, Inc.","country_code":"US","parent":{"prefix":"64.100.0.0\/14","ip":"64.100.0.0","cidr":14,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"64.101.0.0\/18","ip":"64.101.0.0","cidr":18,"roa_status":"Valid","name":"CISCO-GEN-6","description":"CISCO SYSTEMS, INC.","country_code":"US","parent":{"prefix":"62.50.64.0\/19","ip":"62.50.64.0","cidr":19,"rir_name":"RIPE","allocation_status":"unknown"}},{"prefix":"64.101.64.0\/18","ip":"64.101.64.0","cidr":18,"roa_status":"Valid","name":"CISCO-GEN-6","description":"Cisco Systems, Inc.","country_code":"US","parent":{"prefix":"64.100.0.0\/14","ip":"64.100.0.0","cidr":14,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"64.101.96.0\/19","ip":"64.101.96.0","cidr":19,"roa_status":"Valid","name":"CISCO-GEN-6","description":"Cisco Systems, Inc.","country_code":"US","parent":{"prefix":"64.100.0.0\/14","ip":"64.100.0.0","cidr":14,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"64.101.128.0\/18","ip":"64.101.128.0","cidr":18,"roa_status":"Valid","name":"CISCO-GEN-6","description":"CISCO SYSTEMS, INC.","country_code":"US","parent":{"prefix":"64.100.0.0\/14","ip":"64.100.0.0","cidr":14,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"64.101.192.0\/19","ip":"64.101.192.0","cidr":19,"roa_status":"Valid","name":"CISCO-GEN-6","description":"CISCO SYSTEMS, INC.","country_code":"US","parent":{"prefix":"64.100.0.0\/14","ip":"64.100.0.0","cidr":14,"rir_name":"ARIN","allocation_status":"unknown"}},{"prefix":"64.101.224.0\/19","ip":"64.101.224.0","cidr":19,"roa_status":"Valid","name":"CISCO-GEN-6","description":"Cisco Systems, Inc.","country_code":"US","parent":{"prefix":"64.100.0.0\/14","ip":"64.100.0.0","cidr":14,"rir_name":"ARIN","allocation_status":"un
but doesn't seem to be updating the table in pfblocker and says the download fails, and I did change the line 761 to be a different ua
-
@johnpoz try to use the same agent string
pfSense/pfBNG cURL download agent
-
you might also need to delete the .orig and .fail files in the "original" directory if they exists there, not just the .txt in native
-
@BBcan177 said in Under attack, anything I should do?:
pfSense/pfBNG cURL download agent
well that worked
[ AS109_v4 ] Downloading update . Downloading ASN: 109... completed . completed ..
sorry for delay - kind of multitasking ;) on a meeting for work as well ;)
-
@JeGr said in Under attack, anything I should do?:
I don' even know how that got so famous in the first place!
I guess grc.com, Gibson and affiliates.
I remember vaguely some talk shows ...