
PFSense - Suricata - Alerts - ET DROP Dshield Block Listed Source group 1

This is one of the main regularly updated threat lists: an IP list of bad addresses.

These IP addresses can be marked as bad by various sources.


This signature simply alerts when any inbound traffic matches any IP from the Drop Dshield block list.

This list is created by ISC (Internet Storm Center), which provides threat intelligence and analysis. See dshield.org for more info.

Here are a few good sentences regarding DShield:

  • The ISC uses the DShield distributed intrusion detection system for data collection and analysis.
  • DShield collects data about malicious activity from across the Internet.
  • This data is cataloged and summarized and can be used to discover trends in activity, confirm widespread attacks, or assist in preparing better firewall rules.

This particular rule is for the top 20 block list.

If you see this rule fire, it indicates that you observed traffic from one of the subnets deemed bad.

This was likely internet recon/scanning traffic looking for open ports, vulnerabilities, etc.
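
One way to check whether the alerts really look like scanning is to group them by source in Suricata's EVE JSON log. This is an added example, not part of the original page: the sample log lines are constructed (documentation-range addresses), the second signature name is made up, and the three-port threshold is an assumption to tune.

```python
import json
from collections import defaultdict

# Signature name as it appears on this page.
SIGNATURE = "ET DROP Dshield Block Listed Source group 1"

# Constructed sample EVE lines (documentation-range IPs, not real alerts).
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"203.0.113.10","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature":"ET DROP Dshield Block Listed Source group 1"}}',
    '{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"203.0.113.10","dest_port":23,"proto":"TCP","alert":{"action":"allowed","signature":"ET DROP Dshield Block Listed Source group 1"}}',
    '{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"203.0.113.10","dest_port":3389,"proto":"TCP","alert":{"action":"blocked","signature":"ET DROP Dshield Block Listed Source group 1"}}',
    '{"event_type":"alert","src_ip":"192.0.2.44","dest_ip":"203.0.113.10","dest_port":445,"proto":"TCP","alert":{"action":"blocked","signature":"ET DROP Dshield Block Listed Source group 1"}}',
    '{"event_type":"alert","src_ip":"192.0.2.99","dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature":"ET SCAN Constructed Other Rule"}}',
    '{"event_type":"flow","src_ip":"198.51.100.7","dest_ip":"203.0.113.10","dest_port":22,"proto":"TCP"}',
    'not json: truncated line',
]

def summarize(lines, signature=SIGNATURE):
    """Group alerts for one signature by source IP: hit count, ports probed, allowed hits."""
    hits = defaultdict(lambda: {"count": 0, "ports": set(), "allowed": 0})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partially written lines
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue  # flow, dns, etc. records are not alerts
        alert = ev.get("alert", {})
        if alert.get("signature") != signature:
            continue
        entry = hits[ev.get("src_ip", "unknown")]
        entry["count"] += 1
        if "dest_port" in ev:
            entry["ports"].add(ev["dest_port"])
        # "allowed" means Suricata alerted but did not itself drop the packet.
        if alert.get("action") == "allowed":
            entry["allowed"] += 1
    return dict(hits)

def likely_scanners(summary, min_ports=3):
    """Sources that touched several distinct ports (min_ports is an assumed threshold)."""
    return sorted(ip for ip, e in summary.items() if len(e["ports"]) >= min_ports)

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_EVE).items()):
        print(ip, e["count"], sorted(e["ports"]), "allowed:", e["allowed"])
```

To run it against a live log, pass the open eve.json file object to `summarize()` in place of `SAMPLE_EVE`.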

pfsense/suricata/alerts/et_drop_dshield_block_listed_source_group_1.txt · Last modified: 2021/01/15 00:38 by peter
