- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-22-2018 06:05 AM
Does anyone know any free External Dynamic Lists for DNS signatures to use in conjunction with the Palo DNS Signatures? We would like some extra protection for our anti-spyware protection.
10-22-2018 08:22 AM
Hello,
Check on these:
Source on PAN support:
https://live.paloaltonetworks.com/message/54183#54183
Sans notes on this:
Others listed on this site:
http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
http://malc0de.com/bl/IP_Blacklist.txt
http://panwdbl.appspot.com/lists/openbl.txt
http://cinsscore.com/list/ci-badguys.txt
You can also create your won using mindmeld.
Regards,
10-22-2018 08:36 AM
Thanks, Otakar. These are all IP lists though. I was looking for something for DNS sinkholing or blocking requests for malicious domains.
10-22-2018 08:55 AM
Hello,
Another thing to remember is that dns sinkholing is one of serveral defences that the PAN has. It also uses url filtering and I always recommend blocking the following categories:
command-and-control
dynamic-dns
malware
parked
phishing
unknown
Think of the sinkhole as your zero-day threat protection and the URL filter as the classic signature based approach.
Hope that helps.
10-22-2018 10:07 AM
malwaredomains.com hosts a relatively decent list but it's only available in a zip file to the best of my knowledge, so you would need to do some manual work on your end for that. Otherwise ZeuS hosts one HERE that's updated on a regular basis and can be fed directly to the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!