From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
To: development@lists.ipfire.org
Subject: Re: Here we are again with another IP Blocklist series that looks
 like it has disappeared.
Date: Mon, 14 Oct 2024 21:16:25 +0100
Message-ID: <73417d9a-bdf9-43dd-9116-37ba3c70572c@tfitzgeorge.me.uk>
In-Reply-To: <D1D1BCE7-ACF0-4A9F-833E-C1C9ED47DE1B@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4412604661325961498=="
List-Id: <development.lists.ipfire.org>

--===============4412604661325961498==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

I think that there's always going to be an issue with this type of IP blockli=
st; these lists are all for the C&C for a particular malware.  As time passes=
 old malware goes out of use and hence this list becomes redundant.

I suppose it would be possible to write a script that reads the sources file =
and checks for changes in the list contents, and then raise a notification of=
 some sort if a list doesn't change for say a month.

Regards,
Tim
On 14/10/2024 10:20, Michael Tremer wrote:
> Hello Adolf,
>=20
> This is indeed =E2=80=9Cgreat=E2=80=9D news and I suppose this is just prov=
ing the point that we have discussed on here before=E2=80=A6
>=20
> On the website there is no note or anything else that indicates any change:=
 https://feodotracker.abuse.ch/blocklist/
>=20
> But I can confirm that the list currently have zero entries and the timesta=
mp of the last update is 2024-08-23 12:01:06 UTC.
>=20
> Unless you get a response, let=E2=80=99s remove the lists for now.
>=20
> -Michael
>=20
>> On 8 Oct 2024, at 22:04, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi All,
>>
>> Here we are again with yet another three of the IP Blocklists looking like=
 they have been forgotten about and are no longer being updated.
>>
>> The FEODO_RECOMMENDED and FEODO_IP lists are both empty of any IP's and ha=
ve not been updated since 23rd August 2024.
>>
>> The FEODO_AGGRESSIVE list still has IP entries in it but they were last up=
dated on 23rd August 2024.
>>
>> All three lists say they are re-generated every 5 minutes but that has cle=
arly stopped for the last 6 weeks.
>>
>> I will contact the lists to see what their response on this is.
>>
>> Regards,
>>
>> Adolf.
>>
>=20


--===============4412604661325961498==--