Block Emotet Controlserver IP List

Hello,

What is the easiest way to import an IP list to block it system-wide on all outgoing physical ports?

Like

feodotracker.abuse.ch/.../



This thread was automatically locked due to age.
  • Hi,

    I think you can do what you want via XML or APIs, but I don't think you would gain much in security because the list appears to be very dynamic. I would suggest you look at web and application places to stop access to the malware etc.

    Ian

  • Hi,

    A client just contacted me with the same request, here is what I did:

    In System - Hosts and Services - IP Host Tab: click Add button (top right). Created a new host object "blocklist abuse.ch". Choose IP List as Type. Copy and paste the abuse.ch IP List - Save.
    Created a new firewall DROP rule on the very top and used the newly created host object as destination.
    Tested 2 IPs from the list with Policy Tester - OK :-)

    Hope that helps,

    Regards
    Martin
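
Before pasting a downloaded blocklist into an IP List host object as described in the reply above, it helps to clean it first. The following is an added example, not part of the original thread or any Sophos tooling: it strips comment lines, drops duplicates and malformed entries, and refuses internal addresses that would cause outages in a top-of-policy DROP rule. The comma-separated output format, the `chunk_size` limit and the `INTERNAL` range list are assumptions to check against your firmware and network; the sample addresses are constructed from documentation ranges.

```python
import ipaddress
# Constructed sample shaped like a plain-text blocklist: '#' comments, one
# IPv4 per line. Addresses are documentation ranges, not real indicators.
SAMPLE = """\
# constructed sample
192.0.2.10
198.51.100.7
192.0.2.10
  203.0.113.5
10.0.0.8
not-an-ip
203.0.113.300
"""

# Ranges that must never land in a top-of-policy DROP rule (assumed policy).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def parse_blocklist(text):
    """Return (accepted, rejected): unique IPv4 strings in first-seen order,
    and (line_no, raw, reason) tuples for entries that need a human look."""
    accepted, rejected, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.IPv4Address(line)
        except ValueError:
            rejected.append((n, raw, "not an IPv4 address"))
            continue
        if ip.is_multicast or ip.is_unspecified or any(ip in net for net in INTERNAL):
            rejected.append((n, raw, "internal or special-use address"))
            continue
        if ip not in seen:
            seen.add(ip)
            accepted.append(str(ip))
    return accepted, rejected

def to_paste_chunks(ips, chunk_size=1000):
    """Comma-separated strings, one per IP List host object (size assumed)."""
    return [",".join(ips[i:i + chunk_size]) for i in range(0, len(ips), chunk_size)]

if __name__ == "__main__":
    ok, bad = parse_blocklist(SAMPLE)
    print(*to_paste_chunks(ok), sep="\n")
    print(*(f"skipped line {n}: {raw!r} ({why})" for n, raw, why in bad), sep="\n")
```

Because the list changes often, as noted earlier in the thread, the host object needs to be refreshed from a newly cleaned copy on a schedule rather than pasted once.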