From swapneel at brainattic.in Wed Jun 3 12:07:21 2020
From: swapneel at brainattic.in (Swapneel Patnekar)
Date: Wed, 3 Jun 2020 17:37:21 +0530
Subject: [DNSfirewalls] Public/Community RPZ Feeds
Message-ID:

Hello!

I was looking at compiling a list of public/community RPZ feeds. Here are the ones that I am currently using,

1. https://www.spamhaustech.com/free-trial/sign-up-for-free-dns-firewall-threat-feeds/
2. https://urlhaus.abuse.ch/downloads/rpz/
3. https://scripttiger.github.io/alts/rpz/blacklist.txt

Any others that you would recommend? Thank you.

--
Best,
Swapneel
https://brainattic.in/blog

From pvm_job at mail.ru Wed Jun 3 16:03:31 2020
From: pvm_job at mail.ru (Vadim Pavlov)
Date: Wed, 3 Jun 2020 09:03:31 -0700
Subject: [DNSfirewalls] Public/Community RPZ Feeds
In-Reply-To:
References:
Message-ID: <61B183CF-80BA-4CDB-B757-7077293E4397@mail.ru>

I'm running ioc2rpz community web-site (https://ioc2rpz.net). It is powered by my open source project ioc2rpz - a DNS server which pulls TI and generates/maintains RPZ feeds.

As for now the following RPZ feeds are available on the community portal:

- bogons-ipv4.ioc2rpz
  Bogon IPv4 prefixes by Team Cymru (https://www.team-cymru.com/bogon-reference.html). A bogon prefix is a route that should never appear in the Internet routing table. The RPZ feed includes IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user.
- dga-360.ioc2rpz
  DGA feed powered by Netlab 360 (http://data.netlab.360.com/dga/).
  It contains domains generated by malware: bamital, banjori, blackhole, ccleaner, chinad, conficker, cryptolocker, dircrypt, dyre, emotet, enviserv, feodo, fobber, gameover, gspy, locky, madmax, matsnu, mirai, murofet, mydoom, necurs, nymaim, omexo, padcrypt, proslikefan, pykspa, qadars, ramnit, ranbyus, rovnix, shifu, shiotob, simda, suppobox, symmi, tempedreve, tinba, tinynuke, tofsee, vawtrak, vidro, virut, xshellghost.
- dns-bh.ioc2rpz
  DNS-BH - Malware Domain Blocklist by RiskAnalytics (http://www.malwaredomains.com).
- doh.ioc2rpz
  The feed contains publicly available DNS over HTTPS (DoH) servers and canary domains (https://raw.githubusercontent.com/DNScrypt/dnscrypt-resolvers/master/v2/public-resolvers.md). It is very important when you protect your network on DNS to block communications to any 3rd party DNS server your applications or devices may use.
- local.ioc2rpz
  Block local, non Internet routable networks and domains (e.g. RFC-1918) to protect against DNS rebinding attack.
- notracking.ioc2rpz
  No more ads, tracking and other virtual garbage (https://github.com/notracking/hosts-blocklists).

BR,
Vadim

> On Jun 3, 2020, at 05:07, Swapneel Patnekar wrote:
>
> Hello!
>
> I was looking at compiling a list of public/community RPZ feeds. Here are the ones that I am currently using,
>
> 1. https://www.spamhaustech.com/free-trial/sign-up-for-free-dns-firewall-threat-feeds/
> 2. https://urlhaus.abuse.ch/downloads/rpz/
> 3. https://scripttiger.github.io/alts/rpz/blacklist.txt
>
> Any others that you would recommend? Thank you.
>
> --
> Best,
> Swapneel
> https://brainattic.in/blog
> _______________________________________________
> DNSfirewalls mailing list
> DNSfirewalls at lists.redbarn.org
> http://lists.redbarn.org/mailman/listinfo/dnsfirewalls

From bgreene at senki.org Wed Jun 3 16:13:23 2020
From: bgreene at senki.org (Barry Greene)
Date: Wed, 3 Jun 2020 09:13:23 -0700
Subject: [DNSfirewalls] Public/Community RPZ Feeds
In-Reply-To:
References:
Message-ID: <68AD021A-6A68-4EAD-B018-325F81A76324@senki.org>

Here are some others to check out:

Deteque Free Threat Feeds Setup - https://www.spamhaustech.com/custom-content/uploads/2020/04/DNS-Firewall-FREE-Feed-Guide-2019.pdf

Own your DNS - https://ioc2rpz.net/

Have you walked through this list? https://github.com/hslatman/awesome-threat-intelligence

> On Jun 3, 2020, at 5:07 AM, Swapneel Patnekar wrote:
>
> Hello!
>
> I was looking at compiling a list of public/community RPZ feeds. Here are the ones that I am currently using,
>
> 1. https://www.spamhaustech.com/free-trial/sign-up-for-free-dns-firewall-threat-feeds/
> 2. https://urlhaus.abuse.ch/downloads/rpz/
> 3. https://scripttiger.github.io/alts/rpz/blacklist.txt
>
> Any others that you would recommend? Thank you.
>
> --
> Best,
> Swapneel
> https://brainattic.in/blog