MOAB mother of all blacklists

Thank you for conducting the tests and providing your comments.

MOAB Downloads are protected using HTTPS-Auth - encrypted - since I am using mode=https

For Text file processing I am not aware that the 4096 characters in size limitation has been changed — all the lists I provide are large – I would much prefer to use txt vs rsc but until the file size limitation is changed I’ll stick with RSC’s.

The diff files currently provide a very simple method to determine if a download is needed – if empty no download – if it has content download the replacement – what I eventually will do with the diffs is if they do contain new content take that content and add/subtract to the existing list – however it’s quite a bit more complex than my simple description – I much rather take the KISS approach currently. FYI, the diff files when they do contain content – that content is the new IP’s being added and some IP’s that may need to be removed.

You are correct that I currently do not use a DB approach to user control because that would add significantly to the cost and I want to keep the cost as low as possible. Abuse is monitored on a daily basis and as soon as it is spotted that account is terminated.

I noticed that the account I provided you was not accessed?
[EDIT] I just now [2018 08 13 @ 10:01 AM] did another audit and see for the first time that you have 11 account access calls – I assume to support your earlier comment.

Stupid question, why a RAW and Filter drop rule? Can’t there be 1 rule in RAW which kills everything on the list?

That question is answered in the prerequisites link which I will reproduce here for you with a little more detail. :smiley:

The Firewall rule for MOAB2 must be placed in IP Firewall Filter and not in RAW otherwise your VoIP service may not work plus certain websites will fail to load.

When 1 rule was used in my test bed using 20 geographically dispersed users they all reported that their VoIP stopped working and they could not access their web based VoIP control panels – I am not going to detail the conversations I had with the VoIP providers – all legitimate operators, … so I changed the methodology and decided on 2 rules – and this time VoIP + control panel worked for all test bed users.

Not including Trial Participants from this community, so far I currently have close to 400 MT routers using MOAB and zero complaints on not being able to reach the content or service they want to reach – I do have many reports of how many drops are taking place to their delight – the high numbers [millions] are quite remarkable to me.

You don’t include any detail on how your blacklists are created or maintained, what the source sample is to determine which sites should be blacklisted, etc. So why exactly would someone decide to pay you $60/year for a service with no specifications of what the service is? Especially when there are several free options out there, so you need to provide some detail as to what makes your blacklist worth far more than the hardware that it runs on.

@effndc
People reading my MOAB links can easily find a great deal of detail on where I get the data for MOAB from – I make no secret of it. So to help you out each one of my MOAB links contains the following information:

If you’re wondering how we identify over 600 million unique IP addresses of known malicious or suspicious entities that we term the Bad Guys: MOAB is extracted on a daily basis - 3 times each day - from All Cybercrime IP Feeds by FireHOL, which is where that amazing number is derived from. After extraction we specifically engineer the blacklist to work in MikroTik Firewall Appliances and host it on our web server.

Some Additional info:
At the server level I use Perl to do all the hard work of putting the data into RSC format etc. From FireHOL I download and work with the following Lists:
level1.netset
level2.netset
level3.netset
webclient.netset
webserver.netset
I do not divulge which mix I use for which track — because that is a moving target.

As to why would someone pay USD$60 per year – because I believe that my service provides good value and does an excellent job as a superb blacklist system that traps a LOT of IP’s — I have had no reports of any false positives up to today – MOAB has been in operation since May of 2018 — I offered 20 people from this MikroTik community the opportunity to try out the service free of charge till September 30, 2018. If People here would be pleased with the Trial and wanted to continue they could by paying the price after the expiry date and I am hoping that the satisfied MikroTik users reading this BOARD would post their commentary — as one did recently.

Currently I still have 5 Free Trial Slots available.
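The server-side step mozerd describes (Perl turning FireHOL netsets into RSC) and the diff-file logic from earlier in the thread (empty diff means no download; otherwise IPs to add and IPs to remove), reworked as an added Python example that is not mozerd’s code or MOAB’s own tooling. The netset contents, the address-list name MOAB1 and the two-snapshot layout are constructed assumptions.

```python
import ipaddress

# Constructed FireHOL-style netset snapshots ('#' starts a comment); documentation prefixes, not real data.
YESTERDAY = """# level1.netset (constructed)
192.0.2.0/24
198.51.100.7
203.0.113.0/25
"""
TODAY = """# level1.netset (constructed)
192.0.2.0/24
203.0.113.0/24   # widened since yesterday
198.51.100.200
"""

def parse_netset(text):
    """Return the set of IPv4 networks listed in a FireHOL .netset file."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # strip comments and blanks
        if line:
            nets.add(ipaddress.ip_network(line, strict=False))
    return nets

def unique_ips(nets):
    """Distinct address count, merging overlapping/adjacent prefixes first."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

_key = lambda n: (int(n.network_address), n.prefixlen)   # stable output order

def _fmt(n):
    """RouterOS address-list syntax: bare IP for a /32, CIDR otherwise."""
    return str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)

def netset_diff(old, new):
    """(to_add, to_remove) that turn the old snapshot into the new one."""
    return sorted(new - old, key=_key), sorted(old - new, key=_key)

def to_rsc(nets, list_name):
    """Full-replacement .rsc for /import: flush the list, then re-add everything."""
    lines = [f"/ip firewall address-list remove [find list={list_name}]"]
    lines += [f"/ip firewall address-list add list={list_name} address={_fmt(n)}"
              for n in sorted(nets, key=_key)]
    return "".join(ln + "\n" for ln in lines)

def diff_rsc(old, new, list_name):
    """Incremental .rsc: drop removed prefixes, add new ones; '' when unchanged (the empty-diff signal)."""
    added, removed = netset_diff(old, new)
    lines = [f"/ip firewall address-list remove [find list={list_name} address={_fmt(n)}]" for n in removed]
    lines += [f"/ip firewall address-list add list={list_name} address={_fmt(n)}" for n in added]
    return "".join(ln + "\n" for ln in lines)
```

Both outputs are plain RouterOS scripts meant for /import on the router, which is the RSC route the thread prefers over parsing a large plain-text file.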

@mozerd:
I made a couple of manual downloads in browser before I let the script in my device. Then my device did 3 downloads of diffs (each has two files so 6 calls total), 3 downloads of mtiptik (because it said it needs update every time) and 0 downloads of wsiptik (because diff said this one does not require update). In total it adds up to 11 calls. It is true that I did these downloads shortly before sending my response. Unfortunately I didn’t have time to do the test earlier. Also, after end of test, I disconnected the device and cleared all config so there will be no more calls from my account. Feel free to disable the account or give it to some other user. I really appreciate the chance to test it.

ad parsing file: Gosh!! I didn’t know about such limitation. That is ridiculous. Now I realize you really had not much choice.

For People wondering what’s covered by MOAB as of August 16, 2018 — the following provides the full breadth of scope

MOAB1
(a) includes: bambenek_c2 dshield feodo fullbogons spamhaus_drop spamhaus_edrop sslbl zeus_badips ransomware_rw
6,453 subnets, 636,272,205 unique IPs

Included for: memory constrained MikroTik Routers
Included for: well provisioned MikroTik Routers

(b) includes: blocklist_de dshield_1d greensnow
19,142 subnets, 33,737 unique IPs

NOT Included for: memory constrained MikroTik Routers
Included for: well provisioned MikroTik Routers

(c) includes: ransomware_online sslbl_aggressive cybercrime dyndns_ponmocup maxmind_proxy_fraud
5,769 subnets, 5,917 unique IPs

Included for: well provisioned MikroTik Routers
Included for: memory constrained MikroTik Routers

MOAB2
(d) includes: maxmind_proxy_fraud myip pushing_inertia_blocklist stopforumspam_toxic
4,925 subnets, 34,669,212 unique IPs

Included for: well provisioned MikroTik Routers
Included for: memory constrained MikroTik Routers

A FYI update

All Free Trial slots have now been taken up.
The MOAB server is currently consuming 2.6 GB of bandwidth daily based on 441 participants.
MOAB 1 for well provisioned Routers has grown in size to 1.8MB due to a fairly dramatic increase in criminal activity coming out of Russia and Iran
MOAB 1 for memory constrained Routers remains at 500KB in size

An interesting note: 225 people applied for the Free Trial but 205 refused to provide the Prerequisites …

A reminder for all MOAB users, EST is now in effect.

If you set your MikroTik router to some time server no adjustments need to be done.

MOAB’s default is based on the following

That is an amazing throughput, congrats on the progress and the continuing maturity of the product/services. Have you considered expansion into other areas of use such as Layer 7 programming?
Specifically, the areas of concern besides trolling IPs/botnets etc are
a. bitcoin mining
b. hijacks (encrypting hard drives and extorting for cash)
c. other exploits out there that the common person like me has no clue about.

(or are much of these not preventable in that a USER on a network lets a bad guy in and then it’s game over??)

Hi Anav

a. bitcoin mining is included for both MOAB tracks – 8,220 unique IPs – I added bitcoin when FireHOL provided a feed that was stable and it is working quite well.
b. hijacks has been in MOAB from the start.
c. I believe that FireHOL Level1 covers the widest range of exploits [and attacks] out there and has been in MOAB from day 1 of this project. Currently 455 MikroTik Routers are running MOAB [over 200K users] and to-date I have not had one Router Admin complain of any issues. I have had to rearrange some Firewall rule placement for some of my clients who requested that I install MOAB for them because their rule placement would have made MOAB ineffective. YES Rule Placement is VITALLY important for MOAB to work properly in the protection game. My prerequisites web page provides a Rule Order graphic that I insist on for ALL my MOAB clients.

I currently have no plans for Layer 7 filtering because my capability in that area is very weak. Once I feel I have completely understood all the implications, especially on performance, I will consider its inclusion, only for the VERY capable machine.

Yes the biggest issue is when a USER gets caught on an enticement that is script driven, usually embedded in an email, or brought in via memory stick and introduced internally. That is where Layer 7 plays a role at the workstation level or via a powerful UTM where Layer 7 traps are common. Layer 7 traps place a significant load on the CPU.

Why a Firewall and what about NAT?

UPDATE

EFFECTIVE November 12, 2018 MOAB will also work on MikroTik Routers that do not incorporate USB memory storage.

So for example MikroTik Router models like the RB4011 using NAND flash memory will now work with MOAB,
or any MikroTik RouterBoard that utilizes SSD storage will also be able to have MOAB work.

The PREREQUISITES web page has now been updated to reflect the above.

Based on many requests I have received via email the following is now in effect for MikroTik Community Forum participants

From today [November 15, 2018] and until December 31, 2018 MikroTik users who contact me at mozerd@itexpertoncall.com and qualify by providing the prerequisite information can use MOAB at no charge.

For those participants who find the service to their liking and want to continue for Calendar Year 2019, Subscription Payment via PayPal must be received by December 15, 2018. For those that do not provide payment on December 15, 2018 your accounts will be deleted on midnight December 31, 2018, and your MOAB subscription will no longer receive further updates from the service.

UPDATE

MOAB has grown in size

For well provisioned MikroTik Routers like the CCR’s etc MOAB is now close to 3 MB

For all other MikroTik Routers much like the hEX and the hAPac2 MOAB is now 1.1 MB

The reason : a very dramatic increase in attacks coming out of Russia, China, Pakistan, Poland, Iran, and believe it or not the USA.

Can MOAB be used on CHRs?

I have no experience with MikroTik CHR – I do not see why it could not be used. But if you would like to test it out I would be happy to accommodate.

The key component is how much RAM memory is available and the storage requirement like USB memory stick or SSD. Check out my prerequisites link for info and if you’d like to give it a try send me an email with your details.

Thx, I’ll send you email a bit later. I’m wondering just because there’s no Serial Number in CHR, so it doesn’t meet your prerequisites :slight_smile:

OK, I can create a unique serial number for your CHR instance and tie that to your IP address assuming your WAN IP is static. If you are using multiple WANs per CHR then you’ll need to ID the IP’s [in your email] for the CHR in use and I’ll tie those to the account created. Looking forward to working with you to see how MOAB works on the CHR.

There is a “system-id” in

/system license