MineMeld real-world usage to reduce threats?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

MineMeld real-world usage to reduce threats?

L4 Transporter

So far I'm using MineMeld to pull Dshield and Spamhaus feeds to use to block inbound connections to our internet facing servers.


Whilst there are loads of miners I'd love to know which ones people have found "safe" enough to use on production inbound and outbound traffic/rules and how much of an impact it's had - with 70 or so miners to choose from I simply can't test them all 🙂


L7 Applicator

Hi @networkadmin,

are you consuming the indicators with Palo Alto Networks NGFW ? or pushing them to a SIEM or TIP ?


Right now all we have is our PAN

Right now using on PAN FWs ingress filtering:


  • Team Cymru's bogon: mostly traffic from misconfigured
  • Team Cymru's fullbogon: some stuff, confirmed bad (scans for known brute-forceable services)
  • Spamhaus DROP: significant amounts of traffic, confirmed bad
  • Spamhaus EDROP: few stuff, confirmed bad
  • DSHIELD top 20 /24s: 1000x all the above, lots of shodan.io and research scans; it's important to understand that their authors build it for research purposes, not for blocking, so false positives are a real possibility.
  • Openbl.org medium confidence
  • blocklist.de: medium confidence

What we do is using each EDL in different positions in the Security Policy chain,  to minimize the impact of false positives, so for example a medium or low confidence EDL impacts low priority networks (wifi, guests, dialup).



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!