From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Here we are again with another IP Blocklist series that looks like it has disappeared. Date: Wed, 16 Oct 2024 11:09:19 +0100 Message-ID: <56F28F45-2921-403C-B1FA-11D97638656D@ipfire.org> In-Reply-To: <73417d9a-bdf9-43dd-9116-37ba3c70572c@tfitzgeorge.me.uk> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0763136269819415520==" List-Id: --===============0763136269819415520== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Tim, > On 14 Oct 2024, at 21:16, Tim FitzGeorge wrote: >=20 > I think that there's always going to be an issue with this type of IP block= list; these lists are all for the C&C for a particular malware. As time pass= es old malware goes out of use and hence this list becomes redundant. I am not complaining about some change here. Change normally is good and I ag= ree with that we should not carry around lists that have no reason to exist i= n the current day and age. The world is a fast-changing place and we should k= eep up. The problem is rather that we always find out very late about this. There are= no announcements, no notifications on the websites. Nothing. Some of the people who create those lists (not thinking about this particular= one, but it has happened in the past) do not feel like they have any obligat= ion to theirs users. That might be fine for most, but we cannot use those lis= ts then when they keep coming and going and nobody feels responsible about do= ing their best. This also slightly loops back with the RPZ feature that Jon is working on, wh= ere there are not any trustworthy sources for any type of blocklist. Just som= e hobby projects. > I suppose it would be possible to write a script that reads the sources fil= e and checks for changes in the list contents, and then raise a notification = of some sort if a list doesn't change for say a month. Or we could simply add a hint on the web UI if a list has zero entries, but I= am sure that will only put pressure on us to deal with things promptly. Exac= tly the opposite of what I would be looking for. Best, -Michael >=20 > Regards, > Tim > On 14/10/2024 10:20, Michael Tremer wrote: >> Hello Adolf, >> This is indeed =E2=80=9Cgreat=E2=80=9D news and I suppose this is just pro= ving the point that we have discussed on here before=E2=80=A6 >> On the website there is no note or anything else that indicates any change= : https://feodotracker.abuse.ch/blocklist/ >> But I can confirm that the list currently have zero entries and the timest= amp of the last update is 2024-08-23 12:01:06 UTC. >> Unless you get a response, let=E2=80=99s remove the lists for now. >> -Michael >>> On 8 Oct 2024, at 22:04, Adolf Belka wrote: >>>=20 >>> Hi All, >>>=20 >>> Here we are again with yet another three of the IP Blocklists looking lik= e they have been forgotten about and are no longer being updated. >>>=20 >>> The FEODO_RECOMMENDED and FEODO_IP lists are both empty of any IP's and h= ave not been updated since 23rd August 2024. >>>=20 >>> The FEODO_AGGRESSIVE list still has IP entries in it but they were last u= pdated on 23rd August 2024. >>>=20 >>> All three lists say they are re-generated every 5 minutes but that has cl= early stopped for the last 6 weeks. >>>=20 >>> I will contact the lists to see what their response on this is. >>>=20 >>> Regards, >>>=20 >>> Adolf. >>>=20 >=20 --===============0763136269819415520==--