ThreatSTOP just updated our Vyatta install script to fully support the latest Vyatta version: 6.2. The new script is backwardly compatible to earlier Vyatta versions however an upgrade is not required for earlier versions of Vyatta. This is just a part of our ongoing Vyatta relationship to fight bots and criminal malware - as mentioned in this press release that came out today. The combination of ThreatSTOP and Vyatta provdes an extremely cost effective method of stopping bots calling home and blocking the servers that deliver bots and other malware that may be used either as a standalone solution or as a method to augment an existing firewall.
In addition to our Vyatta support, we have also made some improvements to our handling of Cisco ASA devices and simplified the registration process. We have also added some more feed sources to improve our service. The following new feeds are available in expert mode:
- AMaDa C&C blocklist from abuse.ch
- VOIP abusers (addresses found cracking IP PBXes and other VOIP services)
- Exit nodes of the TOR anonymization service
The AMaDa list has also been added to our standard 'botnets' feed.
The TOR exit node list is highly experimental and subject to change as we evaluate its accuracy and reliability. We are providing this list primarily because some subscribers may wish to block access to/from anonymization services rather than as a list of actual threats. It is important to realize that addresses on this feed are not necessarily bad as many people use tor for entirely benign purposes, however it is worth noting that some addresses do also appear in other feeds. In this respect it is similar to out "Parasites" feed.