Download rules from abuse.ch

Started by bmail, November 15, 2018, 08:08:35 PM

Hello,

Since 18.7.7, I've noticed that Suricata doesn't download rules coming from abuse.ch.

For example:
rule-updater.py: download failed for https://feodotracker.abuse.ch/blocklist/?download=suricata
rule-updater.py: download failed for https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.rules
rule-updater.py: download failed for https://sslbl.abuse.ch/blacklist/sslipblacklist.rules
rule-updater.py: download failed for https://sslbl.abuse.ch/blacklist/sslblacklist.rules

In the rules section, we can see that no new download has been completed for some days:

abuse.ch/Dyre SSL IPBL               2018/11/09 10:18    drop
abuse.ch/Feodo Tracker               2018/11/06 22:18    drop
abuse.ch/SSL Fingerprint Blacklist   2018/11/09 10:18    drop
abuse.ch/SSL IP Blacklist            2018/11/09 10:18    drop

Do you have the same issue with 18.7.7 and Suricata 4.0.6?

Thanks for any ideas!
Regards

The services of abuse.ch are down, see https://twitter.com/abuse_ch

Quote: SSLBL / SinkDB Update: I'm sorry to tell you guys that the said services (incl. the Feodo Tracker blacklist) will be down until at least Monday, Nov 19th 2018. The reason for the outage is a failed Debian dist upgrade on the backend server. Sorry for any inconvenience.

Hello,

Thanks for this news. So no issue coming from OPNsense.
Have a good weekend.
Best regards


Hmm, is this why none of the rulesets download?

No. Other rulesets are downloading fine.
Just an issue with abuse.ch on specific subdomain.