Domains that are whitelisted that shouldn't be on the redit page.
I'm a newbie here, but have many years of DNS filtering experience,
I see domains that are whitelisted on this list.
https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json
I hope that isn't what's the source of the 'Use Threat Intelligence Feeds' enable/disable box.
is it or is this just someone's suggestions.
2 replies
-
In particular there are mega huge issues whitelisting these domains,
"*.docs.google.com", "*.docs.zoho.com", "*.downloads.intercomcdn.com", "*.drive.google.com", "*.dropbox.com", "*.dropboxusercontent.com", https://cofense.com/phishers-using-google-forms-bypass-popular-email-gateways/
Here's just one example of viruses/malware/ransomware that are hidden in dropbox, google drive etc. accounts/ links emailed to people.
I can provide a lot more if someone must have it, I do threat intelligence for a living full time, this is how ransomware spreads seriously fast. whitelisting amazonaws is the worst thing one can do.
I know what may be intended is to take the threatfeeds, and REMOVE the blocks that block everything on docs.google.com for example
what needs to be done is to download those threatlists, delete the ones that are useful then scan every docs.google.com link in an email at the time of clicking.
link scanning, and sandboxing are great to use for email filtering.
scanning the link before the PC or mac goes to that website is the best thing, whatever it takes to achieve that.
any ideas or suggestions, I just wanted to confirm that this isn't the real one that nextdns.io uses
Thanks everyone
-
I do really like the control panel, and the features. The infrastructure is much much better than others that think they know how to filter DNS inspite of what their marketing on their website says. I look forward to reading comments and posts. Thank you all.
Content aside
- 3 yrs agoLast active
- 2Replies
- 110Views
-
2
Following