firehol / blocklist-ipsets

ipsets dynamically updated with firehol's update-ipsets.sh script
https://iplists.firehol.org

Zscaler blocked #204

Open amoore2600 opened 2 years ago

amoore2600 commented 2 years ago

We noticed that the entire network for Zscaler 165.225.0.0/17 is on the firehol_webserver.netset and this appears to be a mistake.

Zscaler is an American cloud-based information security company headquartered in San Jose, California. As of November, 2021 the company has a market capitalization of over US$45 billion. The company has more than 150 data centers with customers in 185 countries.

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
#

# start

NetRange:       165.225.0.0 - 165.225.127.255
CIDR:           165.225.0.0/17
NetName:        ZSCAL
NetHandle:      NET-165-225-0-0-1
Parent:         NET165 (NET-165-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS53813, AS55242, AS62907, AS22616, AS32921, AS40384, AS53444
Organization:   ZSCALER, INC. (ZSCAL)
RegDate:        2014-11-14
Updated:        2015-01-21
Ref:            https://rdap.arin.net/registry/ip/165.225.0.0

OrgName:        ZSCALER, INC.
OrgId:          ZSCAL
Address:        120 Holger Way
City:           San Jose
StateProv:      CA
PostalCode:     95134
Country:        US
RegDate:        2011-03-18
Updated:        2021-07-12
Comment:        Zscaler customer traffic originates from colocation facilities around the world. You should *NOT* use the address or contact information here for the purposes of geolocation. Additionally, because traffic egressing our network may belong to any one of our customers, you should not assume that this traffic belongs to us.
Comment:        
Comment:        For network or security incidents, please reach out to our abuse POC, which is actually monitored and actioned.
Ref:            https://rdap.arin.net/registry/entity/ZSCAL

OrgAbuseHandle: POCAB2-ARIN
OrgAbuseName:   poc-abuse
OrgAbusePhone:  +1-408-701-0534 
OrgAbuseEmail:  poc-abuse@zscaler.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/POCAB2-ARIN

OrgTechHandle: POCTE3-ARIN
OrgTechName:   poc-tech
OrgTechPhone:  +1-408-701-0534 
OrgTechEmail:  poc-tech@zscaler.com
OrgTechRef:    https://rdap.arin.net/registry/entity/POCTE3-ARIN

OrgNOCHandle: POCNO1-ARIN
OrgNOCName:   poc-noc
OrgNOCPhone:  +1-408-701-0534 
OrgNOCEmail:  poc-noc@zscaler.com
OrgNOCRef:    https://rdap.arin.net/registry/entity/POCNO1-ARIN

# end

# start

NetRange:       165.225.38.0 - 165.225.38.255
CIDR:           165.225.38.0/24
NetName:        ZSCALER-NYC3
NetHandle:      NET-165-225-38-0-1
Parent:         ZSCAL (NET-165-225-0-0-1)
NetType:        Reassigned
OriginAS:       AS22616
Customer:       Zscaler, Inc. (C06255797)
RegDate:        2016-11-10
Updated:        2016-11-10
Ref:            https://rdap.arin.net/registry/ip/165.225.38.0

CustName:       Zscaler, Inc.
Address:        111 8th Avenue
City:           New York
StateProv:      NY
PostalCode:     10011
Country:        US
RegDate:        2016-11-10
Updated:        2016-11-10
Ref:            https://rdap.arin.net/registry/entity/C06255797

OrgAbuseHandle: POCAB2-ARIN
OrgAbuseName:   poc-abuse
OrgAbusePhone:  +1-408-701-0534 
OrgAbuseEmail:  poc-abuse@zscaler.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/POCAB2-ARIN

OrgTechHandle: POCTE3-ARIN
OrgTechName:   poc-tech
OrgTechPhone:  +1-408-701-0534 
OrgTechEmail:  poc-tech@zscaler.com
OrgTechRef:    https://rdap.arin.net/registry/entity/POCTE3-ARIN

OrgNOCHandle: POCNO1-ARIN
OrgNOCName:   poc-noc
OrgNOCPhone:  +1-408-701-0534 
OrgNOCEmail:  poc-noc@zscaler.com
OrgNOCRef:    https://rdap.arin.net/registry/entity/POCNO1-ARIN

# end

idc77 commented 2 years ago

Report this repository to GitHub.

Apparently https://github.com/ktsaou is the owner of this organisation, at least he's the one doing those automated commits.

If nothing else helps, legal action might be necessary.

betterthan70 commented 9 months ago

Zscaler IPs are still added to the list - how can we remove them permanently? E.g. a lot of addresses from the 165.225.206.0/23 range.
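For operators who consume these lists, a local allowlist pass over the downloaded copy keeps ranges such as the ones named in this thread out of the firewall regardless of what upstream publishes. The following is an added example, not code from the firehol project or from any commenter; the sample netset contents are constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in .netset layout ('#' comments, one IP or CIDR per line).
SAMPLE_NETSET = """\
# firehol_webserver (constructed excerpt, not real list contents)
165.225.0.0/17
165.225.206.17
165.225.207.0/25
198.51.100.7
203.0.113.0/24
"""

# Ranges from the thread that the local operator does not want blocked.
ALLOWLIST = ["165.225.0.0/17", "165.225.206.0/23"]


def parse_netset(text):
    """Return the networks in a .netset/.ipset body, skipping comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def subtract(entry, allowed):
    """Return the parts of `entry` that `allowed` does not cover."""
    if not entry.overlaps(allowed):
        return [entry]
    if entry.subnet_of(allowed):
        return []  # fully covered by the allowlist: drop the entry
    return list(entry.address_exclude(allowed))  # keep the remainder


def apply_allowlist(nets, allowlist):
    """Remove every allowlisted range; also report which entries overlapped."""
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    hits = [n for n in nets if any(n.overlaps(a) for a in allowed)]
    for a in allowed:
        nets = [part for n in nets for part in subtract(n, a)]
    return list(ipaddress.collapse_addresses(nets)), hits


if __name__ == "__main__":
    kept, hits = apply_allowlist(parse_netset(SAMPLE_NETSET), ALLOWLIST)
    print("overlapping entries:", ", ".join(map(str, hits)))
    print("\n".join(map(str, kept)))
```

The `hits` list is worth logging on every refresh: a non-empty result shows the upstream list still carries the allowlisted ranges.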