looterz
commented
6 years ago This format should work fine with the existing source list system. It is also worth noting that the equation group toolset is built specifically to circumvent these kinds of defenses by adversaries, and that merely blacklisting alleged NSA associated ip ranges will not provide any meaningful form of detection, prevention or response to attacks on your network.
List can be found here:
https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS
note: this is built for Windows hosts, but I can imagine there's some way to tranlsate that into Linux