Community discussions

 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Sat Sep 01, 2018 1:53 pm

Unfortunately, I don't have IPv6 yet. The system is designed for it, but I have no routers in IPv6 networks that I can test with. My home internet supports it, but it's so unstable, I don't bother with it.
If it helps and the IPv4 sevice is done, I can provide an IPv6 router as honeypot.
I get a ::/48 prefix length and could then put a router¹ behind the Mikrotik. @Dave: You can have full admin access on it.
I get a new dynamic prefix from my provider every 36-48 hours. I can get a static IP but I have to pay extra for it. IPv6 has been stable for years, and I've had it since the pilotphase. (Year 2013 / Provider: NetCologne.de)

¹On a UBNT (ER-8) router, a honeypot package can be loaded from the Debian reposity.
Of course, the Mikrotik can serve as honeypot directly, if someone has finished scripts for it.
╰_╯ Ciao Marco!
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1028
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Blacklist Filter (Development Topic)

Mon Sep 10, 2018 2:50 pm

Have just noticed 6.43 has moved into the current branch so have updated accordingly. Can't seem to find IP>Cloud though?? Looking forward to using the IntrusBL again.

**It's not in Winbox but is there in the terminal.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Mon Sep 10, 2018 8:16 pm

ip Cloud terminal-only when running CHR
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Mon Sep 10, 2018 8:21 pm

I'm in a holding pattern while my lawyer researches the EU "GDPR" laws.
It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
That means that anyone with a honeypot running on their router will be able to delete any IP's in the database that their router may have submitted.
While this may not sound like a big deal, it's ENTIRELY possible for a user to fake an update and delete the whole database.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
User avatar
43north
Member Candidate
Member Candidate
Posts: 194
Joined: Fri Nov 14, 2014 7:06 am

Re: Blacklist Filter (Development Topic)

Mon Sep 10, 2018 9:25 pm

I'm in a holding pattern while my lawyer researches the EU "GDPR" laws.
It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
That means that anyone with a honeypot running on their router will be able to delete any IP's in the database that their router may have submitted.
While this may not sound like a big deal, it's ENTIRELY possible for a user to fake an update and delete the whole database.
Thanks for the update Dave.
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Tue Sep 11, 2018 11:23 am

I also thank you for the update.
 
idoch
just joined
Posts: 3
Joined: Mon Mar 26, 2018 6:54 pm

Re: Blacklist Filter (Development Topic)

Fri Sep 21, 2018 5:24 pm

I'm in a holding pattern while my lawyer researches the EU "GDPR" laws.
It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
That means that anyone with a honeypot running on their router will be able to delete any IP's in the database that their router may have submitted.
While this may not sound like a big deal, it's ENTIRELY possible for a user to fake an update and delete the whole database.
Hey Dave,
I am looking forward to the new service. Obligatory - I am not a lawyer - but... You're over thinking this. An IP address itself is not "personally identifiable" -- until it is associated with other specific data that could be personally identifiable to a natural person (cookies, MAC, RFID, etc.). Classification of an IP as the source of infection, malicious behavior, etc. (or any of the behavior a honeypot would flag) is not at all identifiable to a natural person. Check into Recital 26 in full https://gdpr-info.eu/recitals/no-26/ Here's a piece:

"The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes."

If you get Honeypot information secondhand under general classifications of "port scanner" or "wordpress prober" or "SSH Brute Force" -- I can't think of much that could be less personally identifiable to a natural person. You don't know any personally identifiable information about their interactions with the honeypot - all you have is an IP address and a general label. They can't force you to pretend that IP doesn't exist or that you couldn't find their ISP and report them to abuse@ or that you can't make decisions based on anonymized data based on "reputation" of a network -- which (by itself) is not identifiable to a natural person.

Absolute worst case: If your lists were created with an automatic timeout or expiration that was less than the 24 hour requested removal; wouldn't that be compliant? The IP would have been removed from the list after 24 hours (requested or not) -- if they get added back for ongoing bad behavior that's their problem. The list doesn't "track" them at all; each list is an independent serial number.
 
idoch
just joined
Posts: 3
Joined: Mon Mar 26, 2018 6:54 pm

Re: Blacklist Filter (Development Topic)

Fri Sep 21, 2018 10:30 pm

Showing you further that you (and your subscribers) are in the clear...
https://gdpr-info.eu/recitals/no-49/
 
szir
just joined
Posts: 1
Joined: Tue Oct 16, 2018 6:14 pm

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 12:14 pm

I'm new to MikroTik and I just found this thread.
I like the work that you do.
Security is important to me, so I would like to use your list. I put together a couple of rules for brute force prevention, (also reported some on abuseipdb) but blocking IPs with malicious activity that others found would be nice.

I read someone suggested DNS for updating the block list (instead of downloading a script). I would also like that. One problem I see is that as far as I know you cannot put an IP range into a DNS A record, which would make blocking whole subnets harder.
msatter suggested DNS as a means to ease the traffic generated by distributing the list.
I would like it for a different reason.

Security is important for me so I don't like the idea of downloading a script form an external source and running it on a schedule. I'm sure you are a nice and trustworthy guy, but I don't know you and don't know what security you put in place that prevents (and will prevent at any point in the future) others from hijacking your update script file. I don't want my router to become part of a botnet because it "accidentally" downloaded the wrong script...

Using DNS to update the list would eliminate the need to download and run unknown scripts, the worst that I can imagine happen in case someone takes over the DNS is that they could block innocent IPs/censor the Internet. (There might be some other way that doesn't require auto-running a downloaded script.)
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 5:02 pm

If using DNS is a requirement for you, I suggest you look elsewhere for the service.
I have no plans to use DNS for this service. It's not a viable distribution method.
DNS is not able to send a response of 200,000+ IP addresses.
BGP is also not going to happen, as it require a large amount of labor on both ends to configure.

I've gotten the server side stable enough to move forward. Though I may be changing the pricing.
My current thought is keeping the small list free for all..
Medium list will be accessible via donations.
Full list and custom configuration will be accessible via monthly subscription.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1028
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 6:42 pm

I've watched list "2" slowly grow over time, I think it was "only" around 14,000 entries when you first started this thread off and now it is up to 23,500+ entries. Seriously amazing stuff Dave.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 9:00 pm

Dave since when will be donated for a medium list?
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 9:40 pm

I’m not sure I understand the question
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 9:57 pm

I ask since when we pay for the product.
I'm sorry but I'm not good at English.
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 10:52 pm

The pay service will begin on the 1st of the year
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Fri Oct 19, 2018 11:22 pm

OK, I'm waiting for information on how to transfer money.
 
jausovec
just joined
Posts: 3
Joined: Fri Mar 06, 2015 9:55 am

Re: Blacklist Filter (Development Topic)

Tue Oct 30, 2018 12:24 pm

Hi.

Can someone sum up the latest script/instructions on how to install the new service (and uninstall the old one :) )?
Or are we not so far yet, that we could start using it in home environment?
I am also avaiting info about how/where to we can make the payment for the service.

Thank you
 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Fri Nov 02, 2018 2:02 pm

It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there.
This fucking GDPR :evil:
This law harms citizens more than it helps. A shot in the knee.
Some good forums has closed and from Germany you can not order anything from some shops in Switzerland anymore.

@Dave
Do you have IP blacklists from squidblacklist.org in priority 1 or 2?

@all
Because here is increasingly asked for payment:
Just fill out the form by Dave, if you haven't yet. Then you will receive an e-mail in time.
https://goo.gl/forms/UQMYqKJ54E0iV35l2

@jausovec
Disable or delete the old Blacklist script(s) and scheduler and fetch the new.
Post Nr.9 in this topic:
viewtopic.php?f=9&t=136666#p677573
Adjust 'destPath' and 'priority'.
Fix new schedulers or adjust the old ones.
╰_╯ Ciao Marco!
 
HZsolt
just joined
Posts: 17
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 12:35 pm

For IntusDave:
Do you have any problem or do you update? I run your script but the script didn't download nothing.

I thank you for your help!
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1028
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 1:27 pm

For IntusDave:
Do you have any problem or do you update? I run your script but the script didn't download nothing.

I thank you for your help!
Are you running IP > Cloud ? Would be the "easiest" thing to check at this point as it is a prerequisite.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
HZsolt
just joined
Posts: 17
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 1:43 pm

For IntusDave:
Do you have any problem or do you update? I run your script but the script didn't download nothing.

I thank you for your help!
Are you running IP > Cloud ? Would be the "easiest" thing to check at this point as it is a prerequisite.
Yes, IP -> Cloud is running. DDNS Enabled and updated.
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 5:47 pm

The server is hosted on the google cloud platform. It appears that Google has oversold the zone that my servers are in, and my servers have been taking offline to allow others to run. I'll be moving the server to a different zone ASAP.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 7:07 pm

@Dave
Do you have IP blacklists from squidblacklist.org in priority 1 or 2?
squidblacklist.org is not included, as it is a pay service. The IP's they have on the free lists are pretty much duplicates of my list 2.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 8:10 pm

I bought a new network "level 3" honeypots online. These are my first located in "hostile" countries. Bringing the current Level 3 list to over 189,000 entries.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
HZsolt
just joined
Posts: 17
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 8:15 pm

The server is hosted on the google cloud platform. It appears that Google has oversold the zone that my servers are in, and my servers have been taking offline to allow others to run. I'll be moving the server to a different zone ASAP.
Thanks!

Your blacklist works well again!

Thanks!
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 8:17 pm

No problem, and I'm sorry about the downtime.
I've changed the policy on my servers so that Google can not longer preempt mine to make room for higher paying customers. Not happy that it's adding another $50/month onto my bill, but I can't have them dropping me because someone bigger wants my cpu or memory.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 8:56 pm

What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
HZsolt
just joined
Posts: 17
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Sat Nov 03, 2018 9:30 pm

What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
How much memory use on routers with these Blacklist Filters?
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 9:20 am

It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
HZsolt
just joined
Posts: 17
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 10:55 am

It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
What do you think about this service?: viewtopic.php?t=137632
 
User avatar
acortesguasch
just joined
Posts: 7
Joined: Tue Dec 19, 2017 6:04 pm

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 12:54 pm

What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
Any estimate regarding the end-of-service date as it is? I have to convince my boss of the benefits of being a paying member of the community and I do not want to be caught offguard.

Keep the fantastic work!
To Be Continued...
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 5:53 pm

It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
What do you think about this service?: viewtopic.php?t=137632
I think it's a ripoff of my project by someone that hasn't been a part of the community as long as I have. I think I am far more transparent in the development process.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 6:05 pm


squidblacklist.org is not included, as it is a pay service. The IP's they have on the free lists are pretty much duplicates of my list 2.
OK, now I'll be clear here ;-) Thanks.
Will test how much RAM a RB2011 needed. Only with priority 2
or priority 1 + drop.malicious.rsc

PS:
SBL Malicious IP Blacklist from: https://www.squidblacklist.org is free of charge.
╰_╯ Ciao Marco!
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 6:05 pm

What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
Any estimate regarding the end-of-service date as it is? I have to convince my boss of the benefits of being a paying member of the community and I do not want to be caught offguard.

Keep the fantastic work!
The goal is NO end-of-service date. This started out as a project out of a personal need, I shared it with the community because I thought others could use it too. Last year, the original service hit just over 17,000 active devices. I realized that several LARGE businesses were using the service and SELLING IT to their customers. At that point I felt that it was "fair" for me to be paying several hundred per month for servers and honeypots out of pocket, while others were making money off it it.

My vision is to have a service that is simple to implement, stable, secure, fast, and self-sustaining. Once the income is able to cover the expenses, and it is able to keep running without me, then I can focus on bringing new features and adding support for new platforms.

I don't want or plan to get rich from this. I want to provide a valuable service at a price that anyone can afford.

As for yearly payments - At this time, I am going to keep it monthly. I don't want to accept a payment for a year of service before I know the service will be able to sustain itself.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 6:07 pm


squidblacklist.org is not included, as it is a pay service. The IP's they have on the free lists are pretty much duplicates of my list 2.
OK, now I'll be clear here ;-) Thanks.
Will test how much RAM a RB2011 needed. Only with priority 2
or priority 1 + drop.malicious.rsc

PS:
SBL Malicious IP Blacklist from: https://www.squidblacklist.org is free of charge.
I compared mine with that one - All of the IP's in that are also in mine. The key difference is the delivery method. My .rsc is much smaller and processed faster.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 6:31 pm

The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.

As for yearly payments - At this time, I am going to keep it monthly. I don't want to accept a payment for a year of service before I know the service will be able to sustain itself.
Would be nice to be able to select priority 1, although you have paid for priority 2.

Uh, monthly. I hope the monthly payment can be automated.
╰_╯ Ciao Marco!
 
User avatar
acortesguasch
just joined
Posts: 7
Joined: Tue Dec 19, 2017 6:04 pm

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 6:38 pm

Any estimate regarding the end-of-service date as it is? I have to convince my boss of the benefits of being a paying member of the community and I do not want to be caught offguard.

Keep the fantastic work!
The goal is NO end-of-service date. This started out as a project out of a personal need, I shared it with the community because I thought others could use it too. Last year, the original service hit just over 17,000 active devices. I realized that several LARGE businesses were using the service and SELLING IT to their customers. At that point I felt that it was "fair" for me to be paying several hundred per month for servers and honeypots out of pocket, while others were making money off it it.
When I asked about the end-of-service as it is I was referring when the current scripts will be deactivated and only working via Patreon.

I think I understood since the beginning the kind of project you are running, for you and for the Community, and I cannot see any flaw in you reasoning. You are giving a lot to the Community and it is only fair to try to cover expenses.
To Be Continued...
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 7:49 pm

My goal is January first.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
HZsolt
just joined
Posts: 17
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 8:18 pm

My goal is January first.
After January first the current your script will not work?
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 9:07 pm

The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.

As for yearly payments - At this time, I am going to keep it monthly. I don't want to accept a payment for a year of service before I know the service will be able to sustain itself.
Would be nice to be able to select priority 1, although you have paid for priority 2.

Uh, monthly. I hope the monthly payment can be automated.
Payment is automated via the Patreon page. Each Tier includes the Tier below it. I've updated the tires on the page to better explain what you get.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 10:00 pm

How to make a payment from Poland?
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 10:01 pm

How to make a payment from Poland?
https://www.patreon.com/IntrusTechnologies

You can go to this Patreon page to sign up.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Sun Nov 04, 2018 10:02 pm

OK thanks.
 
hhgttg42
just joined
Posts: 8
Joined: Wed Oct 12, 2016 4:48 am

Re: Blacklist Filter (Development Topic)

Mon Nov 05, 2018 5:05 pm

What are everyone's thoughts on using Patreon for the subscription service?
I've started setting up a page here: https://www.patreon.com/IntrusTechnologies
Once I have everything linked, the existing scripts will stop working and I will post the current scripts on the Patreon page.
The new script will not require any modification, as the server will select the list based on your router's serial number and IP address.
The system will also disable accounts that are using forged serial numbers or IP addresses.
I'm already signed up! Thanks again for the great service Dave.
 
tippenring
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Blacklist Filter (Development Topic)

Mon Nov 05, 2018 5:53 pm


OK, now I'll be clear here ;-) Thanks.
Will test how much RAM a RB2011 needed. Only with priority 2
or priority 1 + drop.malicious.rsc
I'm using the priority 2 list on an RB2011. Memory is fine. I currently have free 74MB of 128MB with ~30k blacklist entries. The RB2011 is more CPU starved when it's updating the list or if you view the address list.
 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Mon Nov 05, 2018 7:21 pm

Payment is automated via the Patreon page. Each Tier includes the Tier below it. I've updated the tires on the page to better explain what you get.
Perfect thank you.

Mikrotik forum logged me off last night again and again. :(

I'm using the priority 2 list on an RB2011. Memory is fine. I currently have free 74MB of 128MB with ~30k blacklist entries. The RB2011 is more CPU starved when it's updating the list or if you view the address list.
I've deleted most of the drop.malicious.rsc address-list entrys (~30k blocklist.de) and switched to priority 2 (also about ~30k). I have 7 MB more Ram free. (Free Memory now 55MB) :D
╰_╯ Ciao Marco!
 
anav
Forum Guru
Forum Guru
Posts: 2724
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Blacklist Filter (Development Topic)

Mon Nov 05, 2018 9:45 pm

It's hard to give accurate numbers, but it looks like the List 1 uses about 768k, List 2 uses 3M, and List 3 uses 54M to load and 50M once the load is done. The other two load too fast on my RB110AHx4 to see the memory load update.
What do you think about this service?: viewtopic.php?t=137632
I think it's a ripoff of my project by someone that hasn't been a part of the community as long as I have. I think I am far more transparent in the development process.
Sounds like an emotional response based on little fact. You would be better served by recognizing and supporting a like minded fellow provider who decided to share his work for his customers/clients with the community at large. The development cycle taken matches up with what I would have done, first being exposed to Josh Haven and the various sources, such as the Firehol lists, magically available whether you were on this less and less green earth or not. On his own he matured his script skills to be able to create the database and program with the flexibility and 'scalability' of his clients in mind (hex to larger units) which is critical to many of us with lesser units (not companies with fat wallets). Its stable, it works and its phukking affordable. He obviously has put much time and effort into the program, considering the servers required and the fail over and many other detailed minutia it takes to run a credible service. As to transparency, what are you referring too? He opened up his development to anybody that was interested for testing purpose. He clearly outlines his sources which do not contain 'secret' honeypots.

Don't get me wrong, I support what you are attempting to provide as much as the next person. I just hate to see unwarranted antagonism. If I had the skills I would be tempted to do the same and provide such a service. Good luck on progress in the next months!!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Mon Nov 05, 2018 9:51 pm

If you want to support him, please support him in his topics.
If you would like to be involved in the me-vs-him debate, please at least do a little background research on the history.
My project has been the subject of "IP Theft" several times, and I do my best to keep my server side tech hidden now because of that.
I shut down my project once before, one of the many factors was other projects taking my lists and pushing them out as their own.

People are free to choose what they want to use, but if you want to talk about his stuff, please do so elsewhere.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Mon Nov 05, 2018 10:03 pm

Tech Note: 6.44beta20 causes some issues, make sure you update to the current beta, if you are running the betas.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Tue Nov 06, 2018 12:33 am

I'm already signed up payment from January?

Who is online

Users browsing this forum: No registered users and 6 guests