Issue Parsing Talos Feed #23

Open
ntopnguser opened this issue Nov 10, 2022 · 3 comments

@ntopnguser

Not sure if anyone still maintains this, but there appears to be an issue pulling the Cisco Talos feed (https://www.talosintelligence.com/documents/ip-blacklist). My guess is the fact that the URL redirects to an Amazon S3 bucket is the issue.

@chessmck

chessmck commented Nov 10, 2022

> Not sure if anyone still maintains this, but there appears to be an issue pulling the Cisco Talos feed (https://www.talosintelligence.com/documents/ip-blacklist). My guess is the fact that the URL redirects to an Amazon S3 bucket is the issue.

Not a list I use, but in testing just now, I have no issue accessing that URL, which directs (as you mentioned) to
https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/019/195/original/ip_filter.blf

91.228.167.128
31.41.8.66
27.31.180.123
91.109.184.7
83.220.172.27
95.214.107.21
and on

I show the default list having it commented out, which is why I may not be using it...

Talos Reputation Center IP Blacklist

Also see https://www.talosintelligence.com/reputation

#https://www.talosintelligence.com/documents/ip-blacklist

Updated - Interesting read here on snort blocking and only used for testing, the moved part is old..
https://www.reddit.com/r/pfBlockerNG/comments/iclh0y/talos_blocklist_seems_to_have_moved/

@ntopnguser
Author

It may be an artifact of how my implementation is parsing the site (I'm using VyOS). When I manually run the script, I can see where the Talos site is fetched, but it is not processed into the final list. I was actually able to get it to work by adding a "-L" option on line 458 of updBLackList.sh which informs cURL to follow redirects.

@WaterByWind
Owner

This seems to be a semi-recent change in that list location. This doesn't appear to be a traditional redirect either (but isn't broken). This had been a separate Cisco Talos list but is now just a redirect to a snort list.

I intentionally did not include a -L option to curl. The ultimate target URL for this list appears to be dynamic so if this is desired a -L would be required unfortunately.

I'll probably look to add a comment to an updated reference list after looking into this one further.
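
An added example, not part of this thread and not code from updBlackList.sh: one way to follow the redirect discussed above while bounding it to HTTPS and a fixed hop count, and to detect a fetched body that contains no addresses (the "fetched but not processed" symptom). The function names, the redirect cap of 3 and the timeouts are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example; fetch_feed, filter_ipv4 and validate_feed are hypothetical names.

# Fetch a feed URL ($1). Redirects are followed, but only over HTTPS and
# at most 3 hops, and HTTP errors make curl exit non-zero (--fail).
fetch_feed() {
    curl --silent --show-error --fail \
         --location --max-redirs 3 \
         --proto '=https' --proto-redir '=https' \
         --connect-timeout 10 --max-time 60 \
         "$1"
}

# Keep only lines that are an IPv4 address or IPv4 CIDR with in-range values.
# Comments, blank lines, HTML/XML and anything else are dropped.
filter_ipv4() {
    tr -d '\r' | awk '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            n = split($0, p, "[./]")
            ok = 1
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            if (n == 5 && p[5] + 0 > 32) ok = 0
            if (ok) print
        }'
}

# Read a fetched body on stdin, print the valid entries, and fail loudly
# when there are none instead of silently contributing nothing to the list.
validate_feed() {
    entries=$(filter_ipv4)
    if [ -z "$entries" ]; then
        echo "feed has no valid addresses (unfollowed redirect or error page?)" >&2
        return 1
    fi
    printf '%s\n' "$entries"
}

# Real use would be: fetch_feed "$url" | validate_feed
# Constructed sample body (documentation-range addresses) so this runs offline:
printf '# sample\n192.0.2.10\n198.51.100.0/24\n' | validate_feed
```
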
