There is talk in the ATP about black hole. I thought on the feature request page we were going to have a manual/advanced blackhole optional list where we could add an IP and all communication from and to for all services would be blocked instantly. Will this be possible in the future?
There a "trick" on how to block your desired IP address. The threat data, provided by SophosLabs is located here: /var/pattern/aptp/threatdata
You could edit this file, and add your desired IP. The only problem the pattern updates run few times a day and the data gets overwritten. Indeed would be a nice feature blackholing an IP address and have this option somewhere in Webadmin. But this is a PM decision. As mentioned in the Release Notes: "Much more will be released on this technology, but for now, note that we have new notifications for this engine, a new status widget for the WebAdmin dashboard, and new logging/reporting entries. " Have fun with it [;)]
There a "trick" on how to block your desired IP address. The threat data, provided by SophosLabs is located here: /var/pattern/aptp/threatdata
You could edit this file, and add your desired IP. The only problem the pattern updates run few times a day and the data gets overwritten. Indeed would be a nice feature blackholing an IP address and have this option somewhere in Webadmin. But this is a PM decision. As mentioned in the Release Notes: "Much more will be released on this technology, but for now, note that we have new notifications for this engine, a new status widget for the WebAdmin dashboard, and new logging/reporting entries. " Have fun with it [;)]
