Educause Security Discussion mailing list archives
EmergingThreats.net
From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Thu, 4 Oct 2012 10:53:14 -0400
Experts, We have been using the following for many years now http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt on our border CISCO ASA firewalls with great success and little to no issues. A script pulls the new list, compares it with the old one and applies the delta. We are currently switching to PaloAlto FWs and it appears that scripting/importing this large list may not be as easy as it was with the ASA. Can those of you who use the ET list with PaloAlto give us some feedback/scripts/API on how you implemented it? We are also considering moving it to our border CISCO router either as an ACL or as a Null route, any feedback with the latter and/or scripts you may be using? My primary concern with using Null route is the fact that as far as I understand it, it can only block outbound traffic. The router ACL can accomplish blocking in/out, but my concern is with performance. What say you?
Attachment:
smime.p7s
Description:
Current thread:
- EmergingThreats.net Di Fabio, Andrea (Oct 04)
- Re: EmergingThreats.net Di Fabio, Andrea (Oct 05)
- Re: EmergingThreats.net Charlie Reitsma (Oct 12)
- Re: EmergingThreats.net Will Froning (Nov 06)
- Re: EmergingThreats.net King, Ronald A. (Nov 06)
- Re: EmergingThreats.net Di Fabio, Andrea (Nov 06)
- Re: EmergingThreats.net Charlie Reitsma (Oct 12)
- Re: EmergingThreats.net Di Fabio, Andrea (Oct 05)
- Re: EmergingThreats.net Jamie A. Stapleton (Oct 11)