ThreatSTOP Features at GA

ThreatSTOP supports a wide range of commonly deployed firewalls and provides a number of additional features such as firewall log processing with graphical reporting and secure, reliable DNS.

Firewall and Blocklist Features

We have massively increased the varieties of firewalls we support and optimized the process for those we have supported for a while.

For managers of iptables and pf-based firewalls, our update scripts are now significantly faster. For managers of Cisco firewalls, we have improved our script to create a network object, which you can then use in any way you choose. For Cisco, iptables and pf firewalls, we have added subnet support, which enables things like geographic address ranges and bogon blocking.

We have also improved the guidelines for enabling ThreatSTOP on your firewalls. Simply log into your account and click on the rules link next to the firewall to be configured on the "Devices" page, and the specific instructions you need will be displayed. For firewalls for which we have configuration scripts, the site will generate the correct configuration for you to download.

We are currently in the final stages of confirming Juniper Junos firewalls and routers as a fully supported class of devices, and also have beta support for SnortSAM. If you are using either of these platforms, please contact us to join the beta program. Via our support of SnortSAM we can now provide blocklists to the overwhelming majority of firewalls.

We have added APL (RFC 3123) support, and thus can provide netrange blocking in IPv4 and IPv6 in a compact format without needing enormous numbers of A and AAAA records. We intend to deploy IPv6 lists, starting with the v6 bogons, in the very near future.
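To show why APL is compact, the following added example (not ThreatSTOP code) decodes the RFC 3123 wire format, in which each prefix costs four header octets plus only its non-zero address octets. The sample RDATA is constructed from the example prefixes in RFC 3123, and the "most specific prefix wins" handling of negated items in `is_listed` is an assumption, since neither the RFC nor this page defines how a consumer evaluates them.

```python
import ipaddress
import struct

# Address family numbers used by RFC 3123: 1 = IPv4, 2 = IPv6.
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}


def parse_apl_rdata(rdata: bytes):
    """Decode APL RDATA into a list of (negated, network) tuples."""
    items, pos = [], 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated APL item header")
        # ADDRESSFAMILY (16 bits), PREFIX (8 bits), N flag + AFDLENGTH (1 + 7 bits)
        family, prefix, n_len = struct.unpack_from("!HBB", rdata, pos)
        pos += 4
        negated, afdlen = bool(n_len & 0x80), n_len & 0x7F
        if family not in FAMILIES:
            raise ValueError(f"unsupported address family {family}")
        net_cls, addr_len = FAMILIES[family]
        if afdlen > addr_len or prefix > addr_len * 8:
            raise ValueError("AFDLENGTH or PREFIX out of range for family")
        if pos + afdlen > len(rdata):
            raise ValueError("truncated AFDPART")
        afdpart = rdata[pos:pos + afdlen]
        pos += afdlen
        # Senders must strip trailing zero octets; this parser rejects violations.
        if afdpart.endswith(b"\x00"):
            raise ValueError("trailing zero octet in AFDPART")
        address = afdpart.ljust(addr_len, b"\x00")  # pad the stripped zeros back
        # strict=True rejects host bits set beyond the prefix length.
        items.append((negated, net_cls((address, prefix), strict=True)))
    return items


def is_listed(ip: str, items) -> bool:
    """Assumed policy: the most specific matching prefix decides; negated = not listed."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, neg) for neg, net in items
               if net.version == addr.version and addr in net]
    return bool(matches) and not max(matches)[1]


# Constructed sample: 1:192.168.32.0/21 !1:192.168.38.0/28 2:ff00::/8 (19 octets total)
SAMPLE_RDATA = bytes.fromhex("00011503c0a820" "00011c83c0a826" "00020801ff")
```

The whole `/21`, which would otherwise need one A record per address or per enumerated entry, is carried in seven octets, and the negated `/28` carves an exception out of it in seven more.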

We also have a new "expert mode" available for advanced users that allows you much greater freedom in the choice of blocklists to combine for your firewalls.

Website and Service Features

Since we use DNS to distribute the ThreatList to our subscribers, our DNS servers have been carefully set up to avoid issues such as cache poisoning and other DNS attacks. They are not limited to resolving our own domain but can function as a standard DNS resolver. Using ThreatSTOP as your forwarder provides the anti-poisoning benefits of services such as OpenDNS and Google DNS without NXDomain redirection or ad insertion.

For those who submit their logs, we've significantly improved the reporting and added a CSV export feature.

We have also improved our public website and made a couple of tools available there to check logs and IP addresses quickly.

Finally, we're making our data available for developers and service providers in a standard DShield format.
