D-Link Firewall Blacklist

[Deathstroke]

Hello fellow networkers,

 

For a client, I currently have a D-Link firewall configured into their network, they have been using the D-Link NetDefend service for preconfigured blacklists and AV, but want to cut the cost of the subscription out.

 

Is there any database where I could find a mass list of bad, malware, and unwanted sites to manually configure into the firewall? Or do I just have to go off my best judgement, or what they "think" they want to block?

 

Thanks in advanced!

[rufee]

I found a tool that lets you check if the ip is in any of many blacklists: http://ip-blacklist.e-dns.org/10.10.10.10

Anyway the problem is that there are many blacklists and you cant add them all, the best way would be to search for some of them im sure the most relevant ones will pop up.

 

What is the model number on that firewall ?

[LAwLz]

I assume you want to do this for a company, correct? You should check their security policy before implementing things, that should also tell you what they consider acceptable and what's considered unacceptable use of the company computers. Also, just using a firewall to only block infected sites is a bad idea, since that will leave you wide open to a ton of attacks which uses technologies other than web-based attacks.

 

Anyway about your question, manually configuring attack signatures to block is a very bad idea, because that won't protect you from the newest attacks (unless you start the day by manually adding hundreds of new entries). As far as I know, there is no free service which publishes databases for IPS, but then again I am only familiar with IronPort so maybe I am wrong on that. Anyway if you want to be protected then you need a subscription to some service which automatically pushes out updates.

[greg2126]

Try taking a look at http://www.opendns.com/ and see if this fits your needs.