Netgate Discussion Forum

    Block Malware CnCs and nasties

      kevross33

      POSTED IN FIREWALL BUT SO PEOPLE SEE IT - NOT A PACKAGE BUT A USEFUL TIP:
      I would recommend anyone using pfSense create a URL alias pointing to some of the Emerging Threats IP lists and some other lists (do one for each). Then you create a rule to block all traffic going outbound from any source and any protocol (IP) going to a destination of each of these aliases, and put them above all other allow rules (put them at the top of your rules). Then do the same for these as sources going to any destination inbound. Doing this will block hosts in your network from connecting to lots of IP addresses which may infect them or attack them, and even if a host is infected, it may help stop it connecting to its command and control server. I would also recommend logging any hits on these rules so you can spot attacks and infections.

      http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt (Shadowserver CnCs, DShield, Russian Business Network)
      http://rules.emergingthreats.net/blockrules/compromised-ips.txt (Compromised)
      http://rules.emergingthreats.net/blockrules/rbn-malvertisers-ips.txt (Russian Business Network Malvertisers)
      http://www.ciarmy.com/list/ci-badguys.txt (Sentinel IPS collective attackers list)

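Because the block rules described in the post sit above every allow rule, one bad feed entry (a private range, a default route, a malformed line) would cut off legitimate traffic. The following is an added example, not part of the original post or of pfSense: a Python check that vets a downloaded list before it is trusted in an alias. The names `vet_feed`, `PROTECTED` and `MIN_PREFIX`, the protected ranges, and the sample feed are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample feed body (documentation/private ranges, not real feed data).
SAMPLE_FEED = """\
# constructed sample
198.51.100.7
198.51.100.8   # inline comment
203.0.113.0/25
203.0.113.128/25
192.168.1.0/24
0.0.0.0/0
not-an-ip
203.0.113.5/24
"""

# Assumption: ranges that must never land in a block alias (your own networks).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 8  # assumption: anything broader than a /8 is treated as a feed error

def vet_feed(text, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (accepted, rejected): collapsed networks and (line, entry, reason)."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)  # rejects host bits set
        except ValueError:
            rejected.append((lineno, entry, "not a valid address or CIDR"))
            continue
        clash = next((p for p in protected if net.overlaps(p)), None)
        if net.prefixlen < min_prefix:
            rejected.append((lineno, entry, f"broader than /{min_prefix}"))
        elif clash is not None:
            rejected.append((lineno, entry, f"overlaps protected {clash}"))
        else:
            accepted.append(net)
    collapsed = []
    for v in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        collapsed += ipaddress.collapse_addresses(n for n in accepted if n.version == v)
    return collapsed, rejected

if __name__ == "__main__":
    nets, bad = vet_feed(SAMPLE_FEED)
    print("\n".join(str(n) for n in nets))
    print("rejected:", *bad, sep="\n  ")
```

Rejected entries are worth reviewing rather than silently dropping, since a sudden run of them usually means the feed changed format or was altered in transit.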