CriticalPathSecurity / Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds
MIT License

log4j_ip.intel pulling in 0.0.0.0 and 1.1.1.1 cloudflare dns #7

Closed glallen-cb closed 2 years ago

glallen-cb commented 2 years ago

https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/4fad0896f3b2996b3b4d59d3a1fcb82eeebca069/log4j_ip.intel#L2 0.0.0.0 and 1.1.1.1 jump out as potential false positives / unintended additions.

Patrick-Kelley commented 2 years ago

Yep. It was an upstream add. I’ll get an exclusion in there.

Patrick Kelley, CISSP, C|EH, ITIL CTO

On Dec 13, 2021, at 6:03 PM, glallen wrote:

https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/4fad0896f3b2996b3b4d59d3a1fcb82eeebca069/log4j_ip.intel#L2 0.0.0.0 and 1.1.1.1 jump out as potential false positives / unintended additions.


Patrick-Kelley commented 2 years ago

As promised, I've built in filtering for all non-routable addresses and have removed 0.0.0.0 and 1.1.1.1.

Unfortunately, this is an aggregation of community data and the quality is based on that data.

I'll do my best to keep it solid.
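
For readers consuming aggregated feeds like this one, here is a sketch of the kind of pre-load filter discussed in this thread. It is an added example, not the repository's own code. The names `ALLOWLIST`, `drop_reason` and `filter_intel`, the three-column layout and the sample lines are assumptions made for illustration.

```python
import ipaddress

# Known-benign public services that must never become indicators.
# 1.1.1.1 is the resolver named in the issue; extend this set locally.
ALLOWLIST = {ipaddress.ip_address("1.1.1.1")}

def drop_reason(value):
    """Return why an Intel::ADDR value should be dropped, or None to keep it."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return "malformed address"
    if ip in ALLOWLIST:
        return "allowlisted service"
    # is_global is False for unspecified, private, loopback, link-local and
    # reserved space; multicast is checked explicitly.
    if not ip.is_global or ip.is_multicast:
        return "non-routable"
    return None

def filter_intel(lines):
    """Split Zeek intel lines into (kept, dropped); dropped holds (value, reason)."""
    kept, dropped = [], []
    for line in lines:
        fields = line.split("\t")
        # Header/comment lines and non-address indicators pass through untouched.
        if line.startswith("#") or len(fields) < 2 or fields[1] != "Intel::ADDR":
            kept.append(line)
            continue
        reason = drop_reason(fields[0])
        if reason:
            dropped.append((fields[0], reason))
        else:
            kept.append(line)
    return kept, dropped

# Constructed sample feed (not taken from the repository). 93.184.216.34 only
# stands in for a routable indicator and is not a real IoC.
SAMPLE = [
    "#fields\tindicator\tindicator_type\tmeta.source",
    "0.0.0.0\tIntel::ADDR\tupstream-feed",
    "1.1.1.1\tIntel::ADDR\tupstream-feed",
    "10.0.0.5\tIntel::ADDR\tupstream-feed",
    "93.184.216.34\tIntel::ADDR\tupstream-feed",
    "bad.example\tIntel::DOMAIN\tupstream-feed",
]

if __name__ == "__main__":
    kept, dropped = filter_intel(SAMPLE)
    for value, reason in dropped:
        print(f"dropped {value}: {reason}")
    print("\n".join(kept))
```

Logging the dropped values with their reason, rather than discarding them silently, makes it easier to report bad upstream entries the way this issue did.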