We are happy to announce the release of a new Blacklist target for our IP Firewall service.
- TSInbound – ThreatSTOP exclusive, expert target. Created by the ThreatSTOP security team, this target is used to share specific information about inbound attacks as curated by our Security Research Team. The target contains manually validated IP addresses that are known to participate in inbound attacks on different networks, including attempted attacks on our customers. Among the attacks that will be included in this list you can find SSH brute forcing attempts, scanning activities, IPs that were seen initiating SQLi attacks, and much more.
We have also added two new whitelist targets for both our IP and DNS Firewall customers:
- Top Public DNS Servers – This list includes the most popular public DNS servers, such as Google and OpenDNS. The addresses included can be used to whitelist popular, trusted DNS service providers. Including this list in your policy will ensure that users can setup their systems to use these public DNS services. This is done by allowing DNS traffic to flow through the normally blocked DNS port out to those specific addresses.
- Microsoft Azure Whitelist – Azure is a cloud hosting platform provided by Microsoft. Because of the many different groups that host their services with Azure, communication with the platform should be tightly regulated to known safe addresses. This whitelist includes all official Azure addresses including China, as supplied by Microsoft. This target should only be used if communications with the entire Azure service are required. Otherwise we suggest whitelisting communications with services specific to your company.
Additionally, we’ve updated the UNIX Server targets (both Standard and Expert mode) to include data from the TSInbound list. This will keep sensitive host machines that are already protected by ThreatSTOP up-to-date with the most recent confirmed threats seen by our team.
We highly recommend that you review your policies and update them with the newly available targets. We will be happy to assist at making these changes and setting the best policy for your organization’s needs. For assistance and upgrading to DNS Firewall – contact us at 1-855-958-7867 or