Hi there,
This is the second time I'm going to demo ioc2rpz at DefCon Demo Labs. Over the last year I've implemented some cool features, fixed bugs and refactored some code.
The enhancements include:
- REST API;
- DNS over TLS support (DoT);
- IPv6;
- cache and zone generation optimization;
and some other improvements and bug fixes.
Since January 2019 I've been using RPZ feeds at home on a Raspberry Pi (BIND) and in a lab on Infoblox, with ioc2rpz deployed on a publicly available server on the Internet. A public TSIG key was available for tests for about 4 months and a few users tested it. To simplify the user experience, add some extra control and protect the service against abuse, I've created an ioc2rpz community website (https://ioc2rpz.net). On the community website you can get access to the following RPZ feeds free of charge:
- dns-bh.ioc2rpz - DNS-BH – Malware Domain Blocklist by RiskAnalytics (http://www.malwaredomains.com).
- notracking.ioc2rpz - No more ads, tracking and other virtual garbage (https://github.com/notracking/hosts-blocklists).
- phishtank.ioc2rpz - PhishTank is a free community site where anyone can submit, verify, track and share phishing data. The source contains only phishing domains/hosts and IPs. (https://www.phishtank.com).
If you want to test RPZ feeds in your environment, you have multiple easy options:
- Sign up on the ioc2rpz community web-site.
- Deploy a Docker container from Docker Hub. Here is a simple instruction.
- Deploy it on AWS using ECS. Here is another instruction.
If you are still confused about what I'm talking about, you can watch a demo video. It is a bit outdated (it was prepared for DefCon 26) but still relevant, and the UX/UI has not been significantly updated :)
BR,
Vadim