This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
the_rock
MVP Diamond
MVP Diamond
‎2024-04-26 09:21 AM

Network feed

Hey boys and girls,

Happy Friday! Figured would share this, as its super useful, specially for anyone who is not running AV or AB blades on the firewall to block known bad IPs out there. All you do is create new network feed (can only be tested if running R81.20) and then those can be used to block the traffic from those feeds. There are 8 of them and all you do is replace number 1-8 in the link below:

Github link -> https://github.com/stamparm/ipsum

feed example -> https://raw.githubusercontent.com/stamparm/ipsum/master/levels/1.txt

You can create 8 separate network feeds, simply keep replacing numbers sequentially, 1 to 8.

Thanks @delToro1 for sharing this in my other IOC post.

I set it up in my Azure lab and so far, got 140K hits in less than 1 day, that is super impressive even though its Azure, but I got no hosts behind the fw in that lab at all.

Example:

Screenshot_1.png

Thanks a bunch as well to Miroslav Stampar for creating this.

https://github.com/stamparm

https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

 

IMPORTANT NOTE:

PLEASE DONT USE EMERG AND SAMPARM FEED 1 TO BEGIN WITH, since I had few customers having issues with those feeds. Samparm 2-8 are fine, no issues.

 

Best,

 

Andy

Best,
Andy
"Have a great day and if its not, change it"
(1)
Who rated this post