From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/3] sources: Removal of ALIENVAULT and SPAMHAUS_EDROP from ipblocklist sources
Date: Fri, 19 Apr 2024 15:39:39 +0200 [thread overview]
Message-ID: <20240419133941.3503396-1-adolf.belka@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 3440 bytes --]
- ALIENVAULT has not been updated since at least Nov 2022 but probably earlier. There is no
date for the file to be downloaded but a forum user has log messages from Nov 2022 that
indicate the file had not changed as therefore no download occurred.
- AT&T aquired AlienVault in August 2018. Somewhere between 2018 and 2022 the list stopped
getting updated. AlienVault references on the AT&T website are now for a different
product.
- Discussed in IPFire conf call of April 2024 and agreed to remove the ALIENVAULT
blocklist.
- On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP list. The eDROP
list is still available but is now empty. Trying to select the SPAMHAUS_EDROP list
gives an error message that the blocklist was found to be empty.
- This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists from the ipblocklist
sources file.
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/ipblocklist/sources | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index be0cf0229..0835c0f9c 100644
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -55,12 +55,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis
'parser' => 'ip-or-net-list',
'rate' => '12h',
'category' => 'reputation' },
- 'SPAMHAUS_EDROP' => { 'name' => "Spamhaus Extended Don't Route or Peer List",
- 'url' => 'https://www.spamhaus.org/drop/edrop.txt',
- 'info' => 'https://www.spamhaus.org/drop/',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1h',
- 'category' => 'reputation' },
'DSHIELD' => { 'name' => 'Dshield.org Recommended Block List',
'url' => 'https://www.dshield.org/block.txt',
'info' => 'https://dshield.org/',
@@ -106,12 +100,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis
'parser' => 'ip-or-net-list',,
'rate' => '1h',
'category' => 'application' },
- 'ALIENVAULT' => { 'name' => 'AlienVault IP Reputation database',
- 'url' => 'https://reputation.alienvault.com/reputation.generic',
- 'info' => 'https://www.alienvault.com/resource-center/videos/what-is-ip-domain-reputation',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1h',
- 'category' => 'reputation' },
'BOGON' => { 'name' => 'Bogus address list (Martian)',
'url' => 'https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt',
'info' => 'https://www.team-cymru.com/bogon-reference',
--
2.44.0
next reply other threads:[~2024-04-19 13:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 13:39 Adolf Belka [this message]
2024-04-19 13:39 ` [PATCH 2/3] update.sh: Remove existing entries for ALIENVAULT & SPAMHAUS_EDROP Adolf Belka
2024-04-19 13:39 ` [PATCH 3/3] backup.pl: removes any references to ALIENVAULT & SPAMHAUSEDROP from restores Adolf Belka
2024-04-20 8:24 ` [PATCH 1/3] sources: Removal of ALIENVAULT and SPAMHAUS_EDROP from ipblocklist sources Rob Brewer
2024-04-20 10:18 ` Adolf Belka
2024-04-20 10:45 ` Rob Brewer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240419133941.3503396-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox