[Wireshark-bugs] [Bug 14030] Add a blacklist of ip addresses similar to GeoIP

Wed, 30 Jan 2019 12:22:47 -0800 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14030

--- Comment #2 from Betty DuBois <be...@netdetect.co> ---
(In reply to Guy Harris from comment #1)
> (In reply to Betty DuBois from comment #0)
> > Currently I download DNS registrar data from MaxMind which imports into
> > Wireshark beautifully.
> 
> Are you talking about their standard GeoIP database, which is more than just
> a list of IP addresses, or something else?
> 
> > Has their ever been the same thought with
> > blacklisted IPs?  It is a color rule just waiting to happen.  
> 
> Actually, a *general* ability to define lists of IP addresses, and allow
> packet-matching rules to say "ip.addr in {name-of-list}" or something such
> as that, might be useful; checking for blacklisted IP addresses would be
> just one application of that mechanism.
> 
> > http://www.dnsbl.info/ gives the ability to check an address, but I couldn't
> > find a way to download any database.
> > 
> > Has anyone ever thought of this and knows of such a
> > downloadable/consistently updated list?
> 
> I ran my ISP's mail server IP address through www.dnsbl.info (it was marked
> OK) and then looked at the list of DNSBL servers, picked one of the
> uceprotect.net ones, and poked around and found some download links - but
> they're broken.  I'm not sure whether abuse.ch has a downloadable list or
> not.
> 
> It may be that some of those blacklists are Blacklist-as-a-Service sites, in
> which case what we might need is the ability to have Wireshark query the
> service about a given IP address (and cache the result) either using
> built-in code (if there's some sort of standard protocol) or using plugins
> (compiled or Lua).


Yes, I meant the GeoIP database.  No, I have no knowledge of an
updated/downloadable list. Would ask.wireshark.org be a better place for me to
post this type of question?  I will post it there and my LinkedIn group in
hopes of a link.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to