
SANS ISC: InfoSec Handlers Diary Blog



Suspending Suspicious Domain Feed / Update to Researcher IP Feed

Published: 2020-06-04
Last Updated: 2020-06-04 11:57:07 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

Yesterday, Peter from DNSFilter sent us a message noting that many of the domains in our "Suspicious Domain" feed no longer resolved, and some of the feeds we used as input were no longer maintained. After investigating, I have to agree with him. The remaining feeds don't make a valuable service at this point. The idea of the "Suspicious Domain" list was to aggregate different lists, but with essentially only 1 or 2 lists left, that doesn't make sense, and I decided to no longer maintain the feed until we find new inputs. The respective files will still be offered, but they are empty to not break any existing scripts that use them (they are quite popular).

Recently, I also talked about our API feature to retrieve IP addresses used by researchers scanning the Internet. Yesterday, I added about 150 IPs used by security.ipip.net. See https://isc.sans.edu/api/threatcategory/research

Please keep the feedback coming. I am always interested in improving the quality of our data.

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute