Block Malware CnCs and Other Nasties
kevross33 last edited by
I would recommend anyone using pfsense to create a URL alias pointing to some of the emergingthreats ip lists and some other lists (do one for each). Then you create a rule to block all traffic going outbound from any source and any protocol (IP) going to a destination of each of these aliases and then put them above all other allow rules (put them at the top of your rules) then do the same for these as sources going to any destination inbound. Doing this will block hosts in your network from connecting to lots of IP addresses which may infect them, attack them or even if a host is infected it may help stopping it connecting to its command and control server. I would also recommend logging any hits on these rules so you can spot attacks & infections.
http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt (Shadowserver CnCs, Dshield, Russian Business Network).
http://rules.emergingthreats.net/blockrules/rbn-malvertisers-ips.txt (Russian Business Network Malvertisers)
http://www.ciarmy.com/list/ci-badguys.txt (Sentinel IPS collective attackers list)