Blacklists

Part of a defense in depth strategy for cyber security is having the hostile attacker deal with multiple obstacles before reaching the his objective.  You can thwart many script kiddies with a just a couple layers.  However, a determined attacker, won’t stop after encountering your firewall and anti-virus.  Do yourself a favor and add another layer of defense with blacklists added to your security devices.

Use the IP address blacklists as additions to your firewall deny lists.  Add the URL and domain blacklists to your content filters.  If you don’t employ the use of content filters, then you can have the same effect with a simple hosts file hack (for free).  By adding the hostile domains on the blacklist to your hosts file (or a local DNS server if you have one) and then most importantly setting the IP addresses of each one to localhost (or a bogus IP), you will stop any attempt to reach those domains.  Also, if you are utilizing a Snort IDS as one of your layers, the rules have been provided to copy and paste.

BotNets

• BotNet IP address blacklist

Malware

• Malware domains blacklist
• Malware IP address blacklist
• Snort rules for malware domains
• Snort rules for malware IP addresses
• Snort rules for malware URLs

Phishing Campaigners

• Known Phishing URL blacklist
• Snort rules for phishing URLs

Ransomware

• Ransomware domains blacklist
• Ransomware IP address blacklist

Special Thanks to OptivMSS  for providing these blacklists.