[DNSfirewalls] Public/Community RPZ Feeds

Vadim Pavlov pvm_job at mail.ru
Wed Jun 3 16:03:31 UTC 2020


I’m running the ioc2rpz community web-site (https://ioc2rpz.net). It is powered by my open source project ioc2rpz - a DNS server which pulls TI and generates/maintains RPZ feeds.

As of now, the following RPZ feeds are available on the community portal:

- bogons-ipv4.ioc2rpz
Bogon IPv4 prefixes by Team Cymru (https://www.team-cymru.com/bogon-reference.html). A bogon prefix is a route that should never appear in the Internet routing table. The RPZ feed includes IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user.

- dga-360.ioc2rpz
DGA feed powered by Netlab 360 (http://data.netlab.360.com/dga/). It contains domains generated by malware: bamital, banjori, blackhole, ccleaner, chinad, conficker, cryptolocker, dircrypt, dyre, emotet, enviserv, feodo, fobber, gameover, gspy, locky, madmax, matsnu, mirai, murofet, mydoom, necurs, nymaim, omexo, padcrypt, proslikefan, pykspa, qadars, ramnit, ranbyus, rovnix, shifu, shiotob, simda, suppobox, symmi, tempedreve, tinba, tinynuke, tofsee, vawtrak, vidro, virut, xshellghost.

- dns-bh.ioc2rpz
DNS-BH – Malware Domain Blocklist by RiskAnalytics (http://www.malwaredomains.com).

- doh.ioc2rpz
The feed contains publicly available DNS over HTTPS (DoH) servers and canary domains (https://raw.githubusercontent.com/DNScrypt/dnscrypt-resolvers/master/v2/public-resolvers.md). It is very important when you protect your network on DNS to block communications to any 3rd party DNS server your applications or devices may use.

- local.ioc2rpz
Block local, non-Internet-routable networks and domains (e.g. RFC 1918) to protect against DNS rebinding attacks.

- notracking.ioc2rpz
No more ads, tracking and other virtual garbage (https://github.com/notracking/hosts-blocklists).

BR,
Vadim

> On Jun 3, 2020, at 05:07, Swapneel Patnekar <swapneel at brainattic.in> wrote:
> 
> Hello!
> 
> I was looking at compiling a list of public/community RPZ feeds. Here are the ones that I am currently using,
> 
> 1. https://www.spamhaustech.com/free-trial/sign-up-for-free-dns-firewall-threat-feeds/
> 2. https://urlhaus.abuse.ch/downloads/rpz/
> 3. https://scripttiger.github.io/alts/rpz/blacklist.txt
> 
> Any others that you would recommend? Thank you. 
> 
> -- 
> Best, 
> Swapneel
> https://brainattic.in/blog
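Added example, not part of the original message and not ioc2rpz code or feed content: how IPv4 prefixes such as the RFC 1918 ranges behind the local.ioc2rpz feed (or the bogon prefixes behind bogons-ipv4.ioc2rpz) are written as RPZ response-IP triggers, and which trigger a given A-record answer would hit. The prefix list, function names and sample addresses are assumptions made for this sketch.

```python
import ipaddress

# RFC 1918 ranges named in the post; loopback and link-local are added here
# as an assumption about what a "local networks" feed would also cover.
LOCAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16"]


def rpz_ip_owner(cidr):
    """Encode an IPv4 prefix as an RPZ response-IP trigger owner name:
    <prefix length>.<octets in reverse order>.rpz-ip (relative to the zone)."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits set
    if net.version != 4:
        raise ValueError("this example only encodes IPv4 prefixes")
    octets = str(net.network_address).split(".")
    return "{}.{}.rpz-ip".format(net.prefixlen, ".".join(reversed(octets)))


def rpz_records(cidrs):
    """One policy record per prefix; 'CNAME .' is the RPZ NXDOMAIN action."""
    return ["{} CNAME .".format(rpz_ip_owner(c)) for c in cidrs]


def matching_trigger(answer_ip, cidrs):
    """Return the most specific trigger an answer address falls under, or
    None. A rebinding answer is a public name resolving into these ranges."""
    addr = ipaddress.ip_address(answer_ip)
    hits = [n for n in map(ipaddress.ip_network, cidrs) if addr in n]
    if not hits:
        return None
    return rpz_ip_owner(str(max(hits, key=lambda n: n.prefixlen)))


if __name__ == "__main__":
    for record in rpz_records(LOCAL_NETS):
        print(record)
    # Constructed sample answers: two internal addresses, one public one.
    for ip in ("192.168.1.10", "172.20.5.5", "93.184.216.34"):
        print(ip, "->", matching_trigger(ip, LOCAL_NETS))
```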
