ThreatSTOP Announces New Release
ThreatSTOP New Release - February 2011
ThreatSTOP has recently had a new release that offers the following improvements to our service
We have added a number of new data feed sources - specifically
- IP addresses from MalwareDomainList.com
- IP addresses/networks for the Russian Business Network from emergingthreats.net
- IP addresses from autoshun.org
- IP addresses of recent SSH cracking attempts from denyhosts.org
- IP addresses for the ZeuS and SpyEye botnet C&C hosts from abuse.ch
In addition we are now using MaxMind as the source of our Geographic blocklists. Our geographic blockers allow
subscribers to completely block access to/from entire countries. Currently we are offering two countries - Russia and China - however in the near future this will be extended to cover all nations.
We introduced support for Vyatta firewalls, used in both Bridged and Routing modes
We have improved our Cisco ASA support so that it can support the blocking of entire networks, not just individual IP addresses. Similar support has been added for checkpoint and pf (BSD based) firewalls.
Reporting / Analysis
We have made a number of improvements to the reporting and analysis part of our service:
- We have added a way for our subscribers to quickly check individual IP addresses or entire logs.
- We added support for manual log upload for safari and chrome users.
- We have also fixed some bugs in our log analysis code that meant that we did not report all blocked events that had occurred.
In the near future we will be revamping our website and as part of that providing a daily list of the "worst of the web".
This feature will name and (we hope) shame the owners and service providers of the very worst.
As noted above we will be adding more extensive geographic blocking. We will permit not only explicit blocking of a country but also the reverse, where we allow only traffic from a particular country (or list of countries).