From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/3] sources: Removal of ALIENVAULT and SPAMHAUS_EDROP from ipblocklist sources
Date: Sat, 20 Apr 2024 08:24:45 +0000 [thread overview]
Message-ID: <uvvu4d$361kv$1@tuscan4.grantura.co.uk> (raw)
In-Reply-To: <20240419133941.3503396-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 4341 bytes --]
On Fri, 19 Apr 2024 15:39:39 +0200, Adolf Belka wrote:
> - ALIENVAULT has not been updated since at least Nov 2022 but probably
> earlier. There is no
> date for the file to be downloaded but a forum user has log messages
> from Nov 2022 that indicate the file had not changed as therefore no
> download occurred.
> - AT&T aquired AlienVault in August 2018. Somewhere between 2018 and
> 2022 the list stopped
> getting updated. AlienVault references on the AT&T website are now
> for a different product.
> - Discussed in IPFire conf call of April 2024 and agreed to remove the
> ALIENVAULT
> blocklist.
> - On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP
> list. The eDROP
> list is still available but is now empty. Trying to select the
> SPAMHAUS_EDROP list gives an error message that the blocklist was
> found to be empty.
> - This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists
> from the ipblocklist
> sources file.
>
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/ipblocklist/sources | 12 ------------
> 1 file changed, 12 deletions(-)
>
> diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
> index be0cf0229..0835c0f9c 100644 --- a/config/ipblocklist/sources +++
> b/config/ipblocklist/sources @@ -55,12 +55,6 @@ our %sources = (
> 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis
> 'parser' => 'ip-or-net-list',
> 'rate' => '12h',
> 'category' => 'reputation' },
> - 'SPAMHAUS_EDROP' => { 'name' => "Spamhaus Extended
> Don't Route or Peer List",
> - 'url' =>
> 'https://www.spamhaus.org/drop/edrop.txt',
> - 'info' =>
> 'https://www.spamhaus.org/drop/',
> - 'parser' => 'ip-or-net-list',
> - 'rate' => '1h',
> - 'category' => 'reputation' },
> 'DSHIELD' => { 'name' => 'Dshield.org
> Recommended Block List',
> 'url' =>
> 'https://www.dshield.org/
block.txt',
> 'info' =>
> 'https://dshield.org/',
> @@ -106,12 +100,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name'
> => 'Emerging Threats Blocklis
> 'parser' => 'ip-or-net-list',,
> 'rate' => '1h',
> 'category' => 'application' },
> - 'ALIENVAULT' => { 'name' => 'AlienVault IP
> Reputation database',
> - 'url' =>
> 'https://reputation.alienvault.com/reputation.generic',
> - 'info' =>
> 'https://www.alienvault.com/resource-center/videos/what-is-ip-domain-
reputation',
> - 'parser' => 'ip-or-net-list',
> - 'rate' => '1h',
> - 'category' => 'reputation' },
> 'BOGON' => { 'name' => 'Bogus address list
> (Martian)',
> 'url' =>
> 'https://www.team-cymru.org/
Services/Bogons/bogon-bn-agg.txt',
It would appear that SPAMHAUS_EDROP has been merged into SPAMHAUS_DROP
list.
"; This list has been merged into https://www.spamhaus.org/drop/drop.txt
; Spamhaus EDROP List 2024/04/19 - (c) 2024 The Spamhaus Project
; https://www.spamhaus.org/drop/edrop.txt
; Last-Modified: Fri, 19 Apr 2024 13:49:21 GMT
; Expires: Sat, 20 Apr 2024 13:49:21 GMT
; EOF
I think it would be better to change the URL in the sources list from:
https://www.spamhaus.org/drop/edrop.txt
to
https://www.spamhaus.org/drop/drop.txt
Rather than just remove the list from the sources file.
Rob Brewer
> 'info' =>
> 'https://www.team-cymru.com/bogon-
reference',
next prev parent reply other threads:[~2024-04-20 8:24 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 13:39 Adolf Belka
2024-04-19 13:39 ` [PATCH 2/3] update.sh: Remove existing entries for ALIENVAULT & SPAMHAUS_EDROP Adolf Belka
2024-04-19 13:39 ` [PATCH 3/3] backup.pl: removes any references to ALIENVAULT & SPAMHAUSEDROP from restores Adolf Belka
2024-04-20 8:24 ` Rob Brewer [this message]
2024-04-20 10:18 ` [PATCH 1/3] sources: Removal of ALIENVAULT and SPAMHAUS_EDROP from ipblocklist sources Adolf Belka
2024-04-20 10:45 ` Rob Brewer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='uvvu4d$361kv$1@tuscan4.grantura.co.uk' \
--to=ipfire-devel@grantura.co.uk \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox