From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
To: development@lists.ipfire.org
Subject: Re: Here we are again with another IP Blocklist series that looks like it has disappeared.
Date: Mon, 14 Oct 2024 21:16:25 +0100 [thread overview]
Message-ID: <73417d9a-bdf9-43dd-9116-37ba3c70572c@tfitzgeorge.me.uk> (raw)
In-Reply-To: <D1D1BCE7-ACF0-4A9F-833E-C1C9ED47DE1B@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1683 bytes --]
I think that there's always going to be an issue with this type of IP blocklist; these lists are all for the C&C for a particular malware. As time passes old malware goes out of use and hence this list becomes redundant.
I suppose it would be possible to write a script that reads the sources file and checks for changes in the list contents, and then raise a notification of some sort if a list doesn't change for say a month.
Regards,
Tim
On 14/10/2024 10:20, Michael Tremer wrote:
> Hello Adolf,
>
> This is indeed “great” news and I suppose this is just proving the point that we have discussed on here before…
>
> On the website there is no note or anything else that indicates any change: https://feodotracker.abuse.ch/blocklist/
>
> But I can confirm that the list currently have zero entries and the timestamp of the last update is 2024-08-23 12:01:06 UTC.
>
> Unless you get a response, let’s remove the lists for now.
>
> -Michael
>
>> On 8 Oct 2024, at 22:04, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi All,
>>
>> Here we are again with yet another three of the IP Blocklists looking like they have been forgotten about and are no longer being updated.
>>
>> The FEODO_RECOMMENDED and FEODO_IP lists are both empty of any IP's and have not been updated since 23rd August 2024.
>>
>> The FEODO_AGGRESSIVE list still has IP entries in it but they were last updated on 23rd August 2024.
>>
>> All three lists say they are re-generated every 5 minutes but that has clearly stopped for the last 6 weeks.
>>
>> I will contact the lists to see what their response on this is.
>>
>> Regards,
>>
>> Adolf.
>>
>
next prev parent reply other threads:[~2024-10-14 20:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-08 21:04 Adolf Belka
2024-10-14 9:20 ` Michael Tremer
2024-10-14 20:16 ` Tim FitzGeorge [this message]
2024-10-16 10:09 ` Michael Tremer
2024-10-16 10:33 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=73417d9a-bdf9-43dd-9116-37ba3c70572c@tfitzgeorge.me.uk \
--to=ipfr@tfitzgeorge.me.uk \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox