banIP support thread

Works for me. Your config please, and the output of service banip status - thanks

1 Like

The talos list seems to have stopped working as of September 26. I tried browsing to the URL in the default feed list and it seems to be hidden behind a terms and conditions page which requires an agree button to be clicked - I assume that page was introduced recently?

Not sure if there's a way round this. It looks like a cookie needs to be cached?

Try something like this in the custom feed editor (URLv4):

https://www.talosintelligence.com/documents/ip-blacklist?name=token&id=token

It seems Talos has moved its IP Threat detection to snort.org and this in turn affected the feed blocklist for Talos, which now requires an authenticated token. This is automated through the "Terms" page being shown if opened using a browser.

I don't think there is a way to circumvent this for now.

Did you test the above mentioned dummy parameter based download URL?

Edit: Anyway, I think we should remove the Talos feed with the next release, because they only provide a "sample IP list" with the latest changes; everything other than that seems to be behind a paywall ...

2 Likes

Yup, would agree to remove it on the next release.
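
The failure discussed in this thread, a feed URL that starts returning a terms page instead of an address list, can be caught before the download is loaded into a blocklist. The sketch below is an added example, not banIP code and not something posted in the thread; the function name `check_feed` and the 90% threshold are assumptions.

```shell
#!/bin/sh
# Added example (not banIP code): sanity-check a downloaded IPv4 feed file.
# check_feed FILE prints one of: "ok N", "html", "empty", "garbage V/T"
# and returns 0 only for "ok". Name and 90% threshold are assumptions.

check_feed() {
    feed_file="$1"

    # Missing or zero-byte download.
    [ -s "$feed_file" ] || { echo "empty"; return 1; }

    # A terms/login interstitial is HTML, never an address list.
    if grep -qiE '<(!doctype|html|head|body|form)' "$feed_file"; then
        echo "html"; return 2
    fi

    # Count payload lines and how many start with a valid IPv4 address or CIDR.
    counts=$(awk '
        function is_v4(s,    n, p, a, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
            if (split(p[1], a, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (a[i] !~ /^[0-9]+$/ || a[i] + 0 > 255) return 0
            return 1
        }
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }    # skip blanks and comments
        { total++; if (is_v4($1)) valid++ }
        END { printf "%d %d\n", valid, total }
    ' "$feed_file")
    valid=${counts% *}
    total=${counts#* }

    [ "$total" -gt 0 ] || { echo "empty"; return 1; }

    # Accept only if at least 90% of payload lines parse as addresses.
    if [ $((valid * 100)) -ge $((total * 90)) ]; then
        echo "ok $valid"; return 0
    fi
    echo "garbage $valid/$total"; return 3
}
```

A non-zero return means the previous good copy of the list should be kept rather than replaced by the new download.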