Next-gen firewalls and URL / domain reputation and classification

• Previous message (by thread): Detecting, mitigating, and preventing distributed large-scale prefix de-aggregation attacks
• Next message (by thread): Next-gen firewalls and URL / domain reputation and classification
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greetings and good day.

What products/services are folks using on their networks for domain
reputation or classification-based filtering? There are various vendors
(Fortinet, Palo Alto, Talos/Cisco, McAfee, etc) who maintain their own
databases for this purpose, and I'm working to make sure a
recently acquired domain name is classified and evaluated correctly. I have
been seeing reports from end users on a handful of different ISP networks
being blocked or redirected to something like safebrowse.io due to this
sort of reputation-based filter. Re-classifications have been submitted to
a lot of the major vendors in this space, but I don't maintain an
exhaustive list, and individual ISPs seem to have varying degrees of
success responding to these requests.

Any input on the subject, or anecdotes from anyone with operational
experience is much appreciated.

Thanks,
Devern

-- 
Devern Adams
devernadams at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221026/ba3e0b6e/attachment.html>

• Previous message (by thread): Detecting, mitigating, and preventing distributed large-scale prefix de-aggregation attacks
• Next message (by thread): Next-gen firewalls and URL / domain reputation and classification
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]