csf.blocklists - Invalid URL for Russian Business Networks

Post Reply
terryr
Junior Member
Posts: 17
Joined: 19 Apr 2011, 14:37

csf.blocklists - Invalid URL for Russian Business Networks

Post by terryr »

Hello,

The URL in csf.blocklists is invalid:

Code: Select all

#RBN|86400|0|http://rules.emergingthreats.net/blockrules/rbn-ips.txt
I went through the EmergingThreats website and found these links which may be of interest:

Detail: http://doc.emergingthreats.net/bin/view ... essNetwork - lists a number of links to text files which contain ips.
http://doc.emergingthreats.net/pub/Main ... orkIPs.txt - last update seems to be February 2012 so not sure how accurate this list would be over two years on. There's no date in the list itself so I don't know if the list is current and it's just the detail page that's out of date.

The only IP lists I could find in the rules subdomain were these two which both have a last update of April 3, 2014:
Detail: http://doc.emergingthreats.net/bin/view ... omisedHost - seems to be a compilation of Brute Force Blocker and OpenBL and possibly others which are already covered separately in csf.blocklists.
http://rules.emergingthreats.net/blockr ... ed-ips.txt

No detail page for this one:
http://rules.emergingthreats.net/fwrule ... ck-IPs.txt - seems to be a compilation of Shadowserver C&C and DShield . Shadowserver's website states that it "does not create, maintain, or distribute any blacklists." So perhaps the Shadowserver part of this list might be worthy of inclusion in CSF.

Terry
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: csf.blocklists - Invalid URL for Russian Business Networ

Post by ForumAdmin »

They are example RBL's listed in the csf.blocklists file. You're free to alter or add whatever lists you want to it. As time passes some listed in there will indeed change or die out, like the RBN one, and you will have to change that file to suit your needs.
terryr
Junior Member
Posts: 17
Joined: 19 Apr 2011, 14:37

Re: csf.blocklists - Invalid URL for Russian Business Networ

Post by terryr »

Okay. Thanks.

I understand that each URL is scanned for an IPv4/CIDR address per line. Are duplicate ips removed? For example, if I want to add Shadowserver C&C will the duplicate DShield entries in that list be removed?
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: csf.blocklists - Invalid URL for Russian Business Networ

Post by ForumAdmin »

No, duplicates are not removed as each list is added separately to their own iptables chain so that they can be easily updated.
Post Reply