I haven't posted in a while but wanted to share something that I ran across earlier this week. malwaredomainlist.com is a great site that lists known bad domains/IPs. They post a text file that you can use on the site which I imported into the blacklist tab on the shield.
Two questions for the group
1. Is there a like capability already embedded in Snort which make this not applicable or does this provide us an added level of protection?
2. Anyone smart enough to automate this process?
The site Malwaredomainlist is already being used.
When you select web filter and then tick malicious, the shield will download the list of malicious sites, each night the shield will go and download the latest list of malicious site and update the Shield..
They at present four web sites that the Shield obtains malicious sites and ip addresses from.
If you do tick to filter out porn in web filter do remember that the list is very very large and will slow the shield down. I leave mine unticked and us openDNS which is free dns services to block porn sites, this way i can have the Shield spending more time looking at all the packages coming into my network that get pass so called virgin media router with firewall turned on
Well done for bring this forward if you find any more just post here and i will check if we can import their lists.