Educause Security Discussion
mailing list archives
From: "Jamie A. Stapleton" <jstapleton () COMPUTER-BUSINESS COM>
Date: Thu, 11 Oct 2012 16:47:26 -0400
We do this kind of thing in a Vyatta bridge so that we don't have to do it in our FW. To avoid creating a single point
of failure, we build these bridges on hardware that supports a bypass option.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di
Sent: Thursday, October 04, 2012 10:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] EmergingThreats.net
We have been using the following for many years now http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt on
our border CISCO ASA firewalls with great success and little to no issues. A script pulls the new list, compares it
with the old one and applies the delta. We are currently switching to PaloAlto FWs and it appears that
scripting/importing this large list may not be as easy as it was with the ASA.
Can those of you who use the ET list with PaloAlto give us some feedback/scripts/API on how you implemented it? We are
also considering moving it to our border CISCO router either as an ACL or as a Null route, any feedback with the latter
and/or scripts you may be using? My primary concern with using Null route is the fact that as far as I understand it,
it can only block outbound traffic. The router ACL can accomplish blocking in/out, but my concern is with performance.
What say you?
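
The pull/compare/apply-delta workflow described in the original post, as an added example that is not from either poster: it parses two pulls of a block list, refuses to act on an empty or sharply shrunken download, and renders the delta as ASA-style object-group lines. The group name `ET-BLOCK`, the `PROTECTED` range, the 50% removal threshold and both sample lists are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical: your own address space, which must never end up in a block rule.
PROTECTED = [ipaddress.IPv4Network("10.0.0.0/8")]

# Constructed samples in the feed's style: '#' comments, one IP or CIDR per line.
OLD_LIST = "# previous pull\n198.51.100.7\n203.0.113.0/24\n192.0.2.44\n"
NEW_LIST = ("# current pull\n203.0.113.0/24\n192.0.2.44\n"
            "198.51.100.128/25\n10.1.2.3\nnot-an-ip\n")

def parse_blocklist(text, protected=PROTECTED):
    """Return (set of IPv4 networks, list of rejected entries)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append(entry)          # malformed line: skip, but report it
            continue
        if any(net.overlaps(p) for p in protected):
            rejected.append(entry)          # would block our own space
        else:
            nets.add(net)
    return nets, rejected

def delta(old, new, max_removal=0.5):
    """Return (added, removed); raise if the new pull looks truncated."""
    if not new:
        raise ValueError("new list is empty; keeping current rules")
    removed = old - new
    if old and len(removed) / len(old) > max_removal:
        raise ValueError("new list drops too many entries; keeping current rules")
    return sorted(new - old), sorted(removed)

def render(added, removed, group="ET-BLOCK"):
    """Render the delta as object-group edits (removals first, then additions)."""
    def obj(net):
        if net.prefixlen == 32:
            return f"host {net.network_address}"
        return f"{net.network_address} {net.netmask}"
    lines = [f"object-group network {group}"]
    lines += [f" no network-object {obj(n)}" for n in removed]
    lines += [f" network-object {obj(n)}" for n in added]
    return lines

if __name__ == "__main__":
    old, _ = parse_blocklist(OLD_LIST)
    new, bad = parse_blocklist(NEW_LIST)
    print("\n".join(render(*delta(old, new))))
    print("rejected:", bad)
```

The rejected entries are worth logging on every run, since a malformed line or one that overlaps local space means the pulled file should be looked at before it is trusted.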
- EmergingThreats.net Di Fabio, Andrea (Oct 04)
- Re: EmergingThreats.net Jamie A. Stapleton (Oct 11)