(Unofficial) Emerging Threats DNS blocklists
Project repository: https://github.com/tweedge/emerging-threats-pihole
FILES AVAILABLE:
malicious.txt (recommended)
suspicious.txt
informational.txt
WHAT:
These blocklists are intended for use in PiHole or similar DNS-level filters. They are generated automatically from part of the current Emerging Threats Open ruleset, which is threat intelligence and signatures provided by the Emerging Threats research team and contributed to by security researchers around the world.
TECHNICAL NOTICE:
While these lists provide some DNS filtering coverage, the provided filter is NOT comparable to the protection offered by Emerging Threats' signatures when implemented in an IDS/IPS such as Snort or Suricata. This is because an IDS/IPS can perform advanced matching, which makes bypassing the filter much more difficult. Some key examples:
* If a particular strain of malware queries the public DNS resolver 8.8.8.8 directly, this could bypass PiHole on your network.
* Emerging Threats includes much more than blocking specific domains, such as detecting and blocking DNS exfiltration attacks based on different parts of the DNS payload that PiHole would simply ignore.
* And of course, Emerging Threats covers 100s of different protocols with their signatures, extending FAR beyond DNS! This allows researchers to write very specific rules to detect and block threats at the network level, making it harder for malware or threats to hide from security staff by just changing what domain they use.
After all, a domain can cost only a few dollars - but re-engineering your custom malware implant could take days!
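To make the coverage gap concrete, here is an added example (not this project's generator code): Python that reads Suricata-syntax rules and keeps only those that reduce to a single domain name, reporting why the rest cannot become blocklist entries. The sample rules, SIDs and function names are constructed for this illustration.

```python
import re

# Constructed sample rules in Suricata syntax (not copied from the ET Open ruleset).
SAMPLE_RULES = r'''
alert dns $HOME_NET any -> any any (msg:"EXAMPLE malware C2 domain"; dns.query; content:"c2.example.net"; nocase; bsize:14; sid:9000001; rev:1;)
alert dns $HOME_NET any -> any any (msg:"EXAMPLE DGA pattern"; dns.query; pcre:"/^[a-z0-9]{32}\.example\.org$/"; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE implant checkin"; http.uri; content:"/gate.php"; sid:9000003; rev:1;)
alert dns $HOME_NET any -> any any (msg:"EXAMPLE suffix match"; dns.query; content:".bad.example.com"; nocase; endswith; sid:9000004; rev:1;)
'''

RULE = re.compile(r'^\w+\s+(?P<proto>\w+)\s.*?\((?P<opts>.*)\)\s*$')
DOMAIN = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z]{2,}$')

def classify(line):
    """Return (sid, domain, None) if the rule reduces to one domain,
    (sid, None, reason) if it does not, or None if the line is not a rule."""
    m = RULE.match(line.strip())
    if not m:
        return None
    opts = m['opts']
    sid = int(re.search(r'\bsid:(\d+)', opts)[1])  # sid is mandatory in a rule
    if m['proto'] != 'dns' or not re.search(r'\bdns[._]query;', opts):
        return sid, None, 'not a DNS query rule'
    if 'pcre:' in opts:
        return sid, None, 'regex match, no single domain'
    contents = re.findall(r'content:"([^"]+)"', opts)
    if len(contents) != 1:
        return sid, None, 'needs exactly one content match'
    # A leading dot marks a suffix rule; a list entry can only name the domain itself.
    domain = contents[0].lower().lstrip('.')
    if not DOMAIN.match(domain):
        return sid, None, 'content is not a full hostname'
    return sid, domain, None

def build_blocklist(text):
    domains, skipped = set(), {}
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            continue
        sid, domain, reason = result
        if domain:
            domains.add(domain)
        else:
            skipped[sid] = reason
    return sorted(domains), skipped

if __name__ == '__main__':
    domains, skipped = build_blocklist(SAMPLE_RULES)
    print('\n'.join(domains))
    print(skipped)
```

Of the four sample rules, only two become list entries; the regex-based and HTTP rules have no DNS blocklist equivalent and still need an IDS/IPS to enforce.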
WHY:
First, of course I hope this can help you keep some malware/unwanted traffic/etc. off your network!
Second, for folks interested in cybersecurity (personal or career), I hope you get a glimpse of some new technology that you may not have heard of before and something fun to learn about - or maybe contribute to in the future! :)
SOMETHING IS WRONG:
Sorry! This is NOT an official Emerging Threats project and while I'll do my best to ensure correctness, these files are not provided with any guarantees.
Please report false positives or other issues here: https://github.com/tweedge/emerging-threats-pihole/issues