
Low quality threat intelligence feeds

The threat intelligence feeds used by NextDNS don't seem to be trustworthy enough to be able to block malicious domains up to the mark.

https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json

Most intelligence feeds seem to be from low-popularity sources which aren't or may not be maintained well in the near future, or from ones that are supported by just some individuals who may stop supporting their projects anytime. OpenPhish, PhishTank, abuse.ch and the COVID-19 phishing feed from Sophos Labs are probably the only reliable ones. Then there was the Cyber Threat Coalition COVID-19 intelligence feed, which was reliable but has now ceased its operations, although NextDNS still uses this blocklist! It should have been using the cyberthreatalliance counterpart's threat intelligence, which at least has the Global Cyber Alliance as its partner. For those who don't know, the Global Cyber Alliance is an alliance between numerous cyber security companies from all over the world who share their threat intelligence with each other to battle the rising online threats in the world. Quad9 was founded by the Global Cyber Alliance, IBM X-Force and PCH.
