Community discussions

 
pe1chl
Forum Guru
Forum Guru
Posts: 5192
Joined: Mon Jun 08, 2015 12:09 pm

Re: MOAB mother of all blacklists

Wed Jan 02, 2019 11:09 am

Please stop using the forum as an advertisement platform.
Place a link to your website once where you advertise your business and be done with it...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8246
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: MOAB mother of all blacklists

Wed Jan 02, 2019 12:10 pm

Free Trial Period end at midnight Monday December 31, 2018.
No New Year miracle had happened =(
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Wed Jan 02, 2019 3:23 pm

Free Trial Period end at midnight Monday December 31, 2018.
No New Year miracle had happened =(
Miracles :) are expensive to dish out .. very best wishes!
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sat Jan 12, 2019 4:38 am

UPDATE FYI

Effective immediately I will no longer be providing MOAB for RB4011 devices. The RB4011 uses NAND memory == MOAB write/reads 4,300 times over a period of 365 days which may be deleterious to the RB4011 Router's life span

MOAB will only be supported on MikroTik Routers that utilize USB memory or SSD disk memory for file storage.
 
anav
Forum Guru
Forum Guru
Posts: 2613
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: MOAB mother of all blacklists

Sat Jan 12, 2019 5:23 am

Please stop using the forum..........
Place a link to your website onc............
Please use the proper forum method for posts that you feel are not warranted, the triangle symbol with the question mark.
Yes, I triangled your post as spam! :-)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Fri Jan 18, 2019 12:05 am

UPDATE FYI

Effective immediately I will no longer be providing MOAB for RB4011 devices. The RB4011 uses NAND memory == MOAB write/reads 4,300 times over a period of 365 days which may be deleterious to the RB4011 Router's life span

MOAB will only be supported on MikroTik Routers that utilize USB memory or SSD disk memory for file storage.
CLARIFICATION:
Any MikroTik RouterBoard that does not provide the ability to add either a microSD card or USB memory stick or SSD disk for file storage will not qualify for the MOAB service. Because MikroTik NAND memory is soldered on the board its not replaceable -- MOAB writes 4,300 times over a period of 365 days which may be deleterious to the Router's life span if the NAND memory becomes exhausted.

For MikroTik CHR instances we will provide a special Serial Number for the instance you will be running that will be tied to its Public Facing IP Address. At the Root level you must create a directory called moab. The very same applies to x86 based MikroTik Routers.

PREREQUISITES First
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 2:46 pm

UPDATE

I am in the process of creating a MikroTik specific blacklist for VoIP and specifically aimed to protect against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's

I currently have one prospective client who is trialing this blacklist and providing me with very good feedback. This client is a startup cloud hosting VoIP provider [using 2 instances of the MikroTik CHR router] that is getting a lot of SIP / VoIP attacks and who initially requested MOAB to see if that could help his org -- subsequently he suggested a list [voipBL] he was familiar with and asked if I could include that list in my MOAB subscription offering. As an experiment I did generate a MikroTik specific list for him and so far he claims that all attacks on his infrastructure have stopped.

So I am looking for some additional orgs [users] who may be interested in TRIALING this VoIP specific blacklist [containing approx. 64K ip addresses whose RSC file is 2.3 MB] .. The Trial period will be for 30 days or ending on March 10, 2019 …. the list is updated every 4 hours however if the update does not receive/remove any IP addresses my system will only provide the update if an actual change has been made. The Trial is free of charges. I have not as yet determined what I will be charging for this service -- whether I will include this as part of the MOAB subscription or treat this as a niche offspring. Suggestions are welcome :-) If interested send me email mozerd@itexpertoncall.com

PREREQUISITES First
 
anav
Forum Guru
Forum Guru
Posts: 2613
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 3:23 pm

Mozerd can you clarify if this functionality is for providers or for the end users? I use VoIP at home and my service is never interrupted and thus was wondering???
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 3:37 pm

Mozerd can you clarify if this functionality is for providers or for the end users? I use VoIP at home and my service is never interrupted and thus was wondering???
aimed to protect against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's

Primarily for providers who have publicly accessible PBX's.

I also use VoIP using 3 providers and MOAB does an excellent job providing me a SHIELD of protection for my VoIP gear + + + -- I do not use a PBX.
 
User avatar
ErfanDL
Member Candidate
Member Candidate
Posts: 262
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 4:19 pm

Buy a raspberry pi3 then install PiHole DNS server on it for free. You dont need to pay any money for MOAB

Sent from my C6833 using Tapatalk



 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 8:14 pm

Buy a raspberry pi3 then install PiHole DNS server on it for free. You dont need to pay any money for MOAB

Or simple use well known squidblacklist.org for free. :mrgreen:
viewtopic.php?f=9&t=104020&p=536327#p536327
╰_╯ Ciao Marco!
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 9:16 pm

Just a reminder in case the casual lurker is interested THAT
MOAB blocks over 600 MILLION IP Addresses of known perpetrator's [the Bad Guys] … that's over SIX HUNDRED MILLION …. no other blacklist for MikroTik specific gear does that to the best of my knowledge.

PREREQUISITES First
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8246
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: MOAB mother of all blacklists

Sat Feb 02, 2019 9:52 pm

Just a reminder in case the casual lurker is interested THAT
MOAB blocks over 600 MILLION IP Addresses of known perpetrator's [the Bad Guys] … that's over SIX HUNDRED MILLION ….
In other words, MOAB blocks more than 16% (SIXTEEN PERCENT!!!) of all ipv4 routable addresses :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5192
Joined: Mon Jun 08, 2015 12:09 pm

Re: MOAB mother of all blacklists

Sun Feb 03, 2019 1:27 am

Just use the ultimate blacklist: 0.0.0.0/0
That keeps out all the known perpetrators - at least until you get IPv6.
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sun Feb 03, 2019 2:11 am

Just a reminder in case the casual lurker is interested THAT
MOAB blocks over 600 MILLION IP Addresses of known perpetrator's [the Bad Guys] … that's over SIX HUNDRED MILLION ….
In other words, MOAB blocks more than 16% (SIXTEEN PERCENT!!!) of all ipv4 routable addresses :)
@Chupaka
To be precise the actual number as of today is 629,969,755 …. that's Six hundred and Twenty Nine MILLION Nine Hundred and Sixty Nine Thousand Seven Hundred and Fifty Five perpitrators and that is for Memory constrained Routers like the hEX and the hAPac2 … WOW … simply amazing …. And that number is much bigger for CHR's like you have Chupaka :-) min: 629,969,747 max: 630,361,162

The PRINCIPAL focus of MOAB is mainly related to preventing on-line attacks, on-line service abuse, malwares, botnets, command and control servers and other cybercrime activities …
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8246
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: MOAB mother of all blacklists

Mon Feb 04, 2019 12:09 pm

So, every 6th address in IPv4 is attacker, abuser, etc? :shock:
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
mkx
Forum Guru
Forum Guru
Posts: 2103
Joined: Thu Mar 03, 2016 10:23 pm

Re: MOAB mother of all blacklists

Mon Feb 04, 2019 12:29 pm

So, every 6th address in IPv4 is attacker, abuser, etc? :shock:
I'd say there are even more attackers / abusers / etc than one sixth of internet users ... personally I'd declare every youtube user as abuser and every twitter user as attacker ... not sure about facebook users, most are probably both attackers and abusers :mrgreen:
BR,
Metod
 
anav
Forum Guru
Forum Guru
Posts: 2613
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: MOAB mother of all blacklists

Mon Feb 04, 2019 7:18 pm

Chupaka you make the fatal assumption that one bad guy is on a one to one level with good guys. A bad actor will continually hammer and probe and hack repeatedly and thus they appear to be the work of at least six normal users LOL. That is probably a conservative estimate. Heck seeing where you are from, I would say you are already compromised or part of the problem. ;-P
Just give me your IP address so I can add it to my block list, and by that I mean all 11 of them, including the 10 servers that change IPs between your PC and this forum. If that is your real name or real location.......... heck, there is no way you are that handsome. :-)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
marosi
just joined
Posts: 12
Joined: Tue Apr 15, 2014 6:00 pm

Re: MOAB mother of all blacklists

Tue Feb 05, 2019 10:21 am

Hum...

why not deliver via BGP and on site do blackhole routes with routing filters?
it would not rape the storages and cpu at all.
you could account the bgp peers with the 60 bucks and secure it with vpn and just use ibgp.
a client can secure its router by some deny rules. for example to net let you announce 0.0.0.0/0 and stuff.
updates would be immediate.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5192
Joined: Mon Jun 08, 2015 12:09 pm

Re: MOAB mother of all blacklists

Tue Feb 05, 2019 11:47 am

why not deliver via BGP and on site do blackhole routes with routing filters?
Remember this is a project from a guy who wants to make quick money from re-distributing other people's data.
Of course there are better ways to do it, but why would he care as long as he gets the paying customers and makes them happy?
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Tue Feb 05, 2019 1:14 pm

Hum...

why not deliver via BGP and on site do blackhole routes with routing filters?
it would not rape the storages and cpu at all.
you could account the bgp peers with the 60 bucks and secure it with vpn and just use ibgp.
a client can secure its router by some deny rules. for example to net let you announce 0.0.0.0/0 and stuff.
updates would be immediate.
1 .. I do not have a great deal of experience using BGP let alone iBGP
2. .. The one lesson I learned in my business LIFE is to always KISS and as a Tech guy KISS is one rule I have zero plans on breaking.
3 ... YES You do make very good points I am now intrigued that I will consider for the future once I gain the required BGP experience and understand all its impacts based on the MikroTik RESOURCES I would like to support. Is there enough time in a day for intrigue? :-)
 
anav
Forum Guru
Forum Guru
Posts: 2613
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: MOAB mother of all blacklists

Tue Feb 05, 2019 3:27 pm

why not deliver via BGP and on site do blackhole routes with routing filters?
Remember this is a project from a guy who wants to make quick money from re-distributing other people's data.
Of course there are better ways to do it, but why would he care as long as he gets the paying customers and makes them happy?
He is merely offering a service that he ALREADY provides for his clients doing what he thinks is best to keep them from getting hacked.
He doesn't need anybody from this forum to use the service. If you think $60 bucks a year is too much, then don't use it. I spend more money on coffee alone in half a month, so put your whining in perspective. Finally there is a saying, put up or shut up, if you have something better to offer then please do so. This is just the beginning Pe1chl, I am going to ask you this question on every post of yours I see in every forum. I will ask you , where is your better offer.......... Are you ready for that?? I'm tired of so called experts here maligning without context or merit.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sat Feb 16, 2019 4:42 pm

UPDATE

I am in the process of creating a MikroTik specific blacklist for VoIP and specifically aimed to protect against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's

I currently have one prospective client who is trialing this blacklist and providing me with very good feedback. This client is a startup cloud hosting VoIP provider [using 2 instances of the MikroTik CHR router] that is getting a lot of SIP / VoIP attacks and who initially requested MOAB to see if that could help his org -- subsequently he suggested a list [voipBL] he was familiar with and asked if I could include that list in my MOAB subscription offering. As an experiment I did generate a MikroTik specific list for him and so far he claims that all attacks on his infrastructure have stopped.

So I am looking for some additional orgs [users] who may be interested in TRIALING this VoIP specific blacklist [containing approx. 64K ip addresses whose RSC file is 2.3 MB] .. The Trial period will be for 30 days or ending on March 10, 2019 …. the list is updated every 4 hours however if the update does not receive/remove any IP addresses my system will only provide the update if an actual change has been made. The Trial is free of charges. I have not as yet determined what I will be charging for this service -- whether I will include this as part of the MOAB subscription or treat this as a niche offspring. Suggestions are welcome :-) If interested send me email mozerd@itexpertoncall.com
UPDATE

Decision has been made re pricing for the voip blacklist Primarily for VOIP Providers who have publicly accessible PBX's.
As a standalone voipTIK blacklist the subscription fee will be US $72 annually per Router or CHR instance
As a sub to MOAB the add-on premium will be US $36 annually -- so MOAB @ $60 + voipTIK @ 36 = $96/yr.

PREREQUISITES First
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Mon Feb 25, 2019 4:51 pm

UPDATE

Effective March 15, 2019

for memory constrained MikroTik routers like the hEX and hAPac2
wsiptik.rsc will now be integrated into mtiptik.rsc and that will eliminate approximately 550 duplicate ip addresses.

for well provisioned MikroTik routers including the CHR and the x86
wsiptik.rsc is being integrated into fileiptik.rsc and that will eliminate close to 7K duplicate ip addresses

Then end result will mean that this consolidation will help to save system resources regardless of which model of MikroTik Router is being deployed with MOAB thereby improving MOAB’s efficiency when called upon by the system.

PREREQUISITES First
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Wed Feb 27, 2019 3:52 pm

voipBL protects against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's

If you spend the time to actually READ through link below you actually will see very interesting information.
Evolution of voipbl

voipTIK

PREREQUISITES First
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Thu Mar 07, 2019 2:27 am

Huge spike
fireHOL_level2.GIF
Notice the huge spike in attacks March 5 to TODAY

MOAB includes firehol_level2 in its blacklist for MikroTik Routers having a minimum of 1 GB of RAM

PREREQUISITES First
You do not have the required permissions to view the files attached to this post.
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Tue Mar 12, 2019 6:56 pm

Based on March 12, 2019 Check out Change History for FireHOL_Level2
level2changes.GIF
Based on March 12, 2019 Check out Country Map Covered by FireHOL_Level2
countrymapl2.GIF
MOAB includes firehol_level2 in its blacklist for MikroTik Routers having a minimum of 1 GB of RAM

Did you know that MOAB includes the following for amply provisioned MikroTik Routers:
firehol_level1
firehol_level2
firehol_level3
firehol_webclient
firehol_webserver

Did you know that MOAB includes the following for memory constrained MikroTik Routers:
firehol_level1
firehol_webclient
firehol_webserver

PREREQUISITES First
You do not have the required permissions to view the files attached to this post.
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Sun Mar 17, 2019 4:44 pm

DID you KNOW

that MOAB designed to protect YOUR network for amply provisioned MikroTik Routers
AND for memory constrained MikroTik Routers include FireHOL-Level1 block list

And within firehol_level1 among the 628 million ip addresses covered
includes
100% of spamhaus_edrop and
100% of spamhaus_drop

What is spamhaus_drop and spamhaus_edrop
spamhaus_drop (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The spamhaus_drop and EDROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.

EDROP is an extension of the spamhaus_drop list that includes suballocated netblocks controlled by spammers or cyber criminals. EDROP is meant to be used in addition to the direct allocations on the spamhaus_drop list.

When implemented at a network or ISP's 'core routers', spamhaus_drop and EDROP will help protect the network's users from spamming, scanning, harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks.

Spamhaus strongly encourages the use of spamhaus_drop and EDROP by tier-1s and backbones.
PREREQUISITES First
 
User avatar
mozerd
Member Candidate
Member Candidate
Topic Author
Posts: 212
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: MOAB mother of all blacklists

Tue May 14, 2019 4:05 pm

Notice of CHANGE to subscription model.

OLD method: Annual Subscription was based on your Mikrotik Serial number
New method: Annual subscription will now be based on your WAN IP Address ...

For organizations that have multiple TIKs --- serial number subscriptions will change to account number subscriptions that supports all the Tik's at the same time. -- for example, if you have 15 Tiks your account number will now support all the Tiks you manage.

Who is online

Users browsing this forum: No registered users and 71 guests