Comment by Joel_Mckay

4 days ago

>I don't have a filter list for compromised proxy servers and VPNs.

Someone just joined the nuisance forums, and grabs the same Socks/Telegram proxy list they all use (mostly old infected/open servers.) When it comes to firewall rules it is a sensitive matter, and depends on the firewall setup (black-hole bans are generally considered rude, as even handshakes are lost.)

For fairly recent personal ban lists could try:

https://github.com/bitwire-it/ipblocklist

https://www.iblocklist.com/lists

And a Pi-hole router as a DNS sinkhole:

https://github.com/pi-hole/pi-hole

Sanitizing IP lists both before and after parsing is important, and checking for malformed or whitelisted blocks is wise.

>Outbound, now that is more difficult to assess

SELinux and firewall rules will handle that just fine for services, but is cumbersome for desktop users. In general, most just try "unshare -r -n /home/$USER/someApp" or a sandbox/VM to prevent some useful user-space program from connecting to the web.

Dumping local traffic with wireshark or iftop is also rather common practice.

Best of luck, =3

0 comments

Joel_Mckay

No comments yet

Contribute on Hacker News ↗