The IP reputation tags are generated from a variety of OSINT sources. I cannot comment on how any of these IPs specifically "made the list". I am simply passing on the determination made by others.
Question which relates to #117.
ip_rep_basic.yml flags one of OpenDNS's servers - owned by Cisco since 2015 - as "suspicious":
Oddly, only one of the two available endpoints is marked this way. Also, this file doesn't list other public DNS caches (e.g. Google, CloudFlare, Quad9) - in fact those are explicitly whitelisted in dictionaries/ip_rep_whitelist.yml
Clearly users are able to amend the whitelist, but I just wondered how come Cisco's service got flagged as suspicious in the first place?