Home page logo

educause logo Educause Security Discussion mailing list archives

Re: EmergingThreats.net
From: "Jamie A. Stapleton" <jstapleton () COMPUTER-BUSINESS COM>
Date: Thu, 11 Oct 2012 16:47:26 -0400

We do this kind of thing in a Vyatta bridge so that we don't have to do it in our FW.  To avoid creating a single point 
of failure, we build these bridges on hardware that supports bypass option.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di 
Fabio, Andrea
Sent: Thursday, October 04, 2012 10:53 AM
Subject: [SECURITY] EmergingThreats.net


We have been using the following for many years now http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt on 
our border CISCO ASA firewalls with great success and little to no issues. A script pulls the new list, compares it 
with the old one and applies the delta.  We are currently switching to PaloAlto FWs and it appears that 
scripting/importing this large list may not be as easy as it was with the ASA.

Can those of you who use the ET list with PaloAlto give us some feedback/scripts/API on how you implemented it? We are 
also considering moving it to our border CISCO router either as an ACL or as a Null route, any feedback with the latter 
and/or scripts you may be using? My primary concern with using Null route is the fact that as far as I understand it, 
it can only block outbound traffic. The router ACL can accomplish blocking in/out, but my concern is with performance. 
What say you?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]