[DNSfirewalls] Public/Community RPZ Feeds
pvm_job at mail.ru
Wed Jun 3 16:03:31 UTC 2020
I’m running the ioc2rpz community website (https://ioc2rpz.net). It is powered by my open source project ioc2rpz - a DNS server which pulls TI and generates/maintains RPZ feeds.
As of now, the following RPZ feeds are available on the community portal:
Bogon IPv4 prefixes by Team Cymru (https://www.team-cymru.com/bogon-reference.html). A bogon prefix is a route that should never appear in the Internet routing table. The RPZ feed includes IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user.
DGA feed powered by Netlab 360 (http://data.netlab.360.com/dga/). It contains domains generated by malware: bamital, banjori, blackhole, ccleaner, chinad, conficker, cryptolocker, dircrypt, dyre, emotet, enviserv, feodo, fobber, gameover, gspy, locky, madmax, matsnu, mirai, murofet, mydoom, necurs, nymaim, omexo, padcrypt, proslikefan, pykspa, qadars, ramnit, ranbyus, rovnix, shifu, shiotob, simda, suppobox, symmi, tempedreve, tinba, tinynuke, tofsee, vawtrak, vidro, virut, xshellghost.
DNS-BH – Malware Domain Blocklist by RiskAnalytics (http://www.malwaredomains.com).
The feed contains publicly available DNS over HTTPS (DoH) servers and canary domains (https://raw.githubusercontent.com/DNScrypt/dnscrypt-resolvers/master/v2/public-resolvers.md). It is very important, when you protect your network on DNS, to block communications to any 3rd party DNS server your applications or devices may use.
Block local, non-Internet-routable networks and domains (e.g. RFC 1918) to protect against DNS rebinding attacks.
No more ads, tracking and other virtual garbage (https://github.com/notracking/hosts-blocklists).
> On Jun 3, 2020, at 05:07, Swapneel Patnekar <swapneel at brainattic.in> wrote:
> I was looking at compiling a list of public/community RPZ feeds. Here are the ones that I am currently using,
> 1. https://www.spamhaustech.com/free-trial/sign-up-for-free-dns-firewall-threat-feeds/
> 2. https://urlhaus.abuse.ch/downloads/rpz/
> 3. https://scripttiger.github.io/alts/rpz/blacklist.txt
> Any others that you would recommend? Thank you.
> https://brainattic.in/blog