SANS ISC/DShield Block List Not Updating, Check Point Seems To Have Trouble Resolving

[dbrown3611]

R77.30 in impacted environment, SMS Smart-1 225 and 5800 HA Clusters.

On April 5 SANS moved to a new TLS certificate and removed support for TLS 1.0, since that time the DShield block list has stopped updating. https://isc.sans.edu/forums/diary/IS...Updates/23521/

We worked with our 3rd party support vendor on the issue, they then escalated to Check Point in mid-May, 12th or 13th I recall. Initial response from CP was sk21534, which we thoroughly covered with 3rd party support. After some back and forth we're informed on May 17 that "There is an issue that is happening to multiple customer and there is a fix that will be integrated with the R80.10 JHF. We are currently verifying if this will also be included on the JHF for R77.30."

Now almost a month later and CP is still in the testing phase with the R77.30 HotFix. Very disappointing from my point of view.

Are others here still using DShield? Is DShield integrated into Anti-Bot (which we have enabled) and thus redundant?

[aweldon]

I stopped using the Check Point version with Dynamic Objects and instead implemented the CPDBL.net method

https://www.cpug.org/forums/showthre...ic-block-lists

[dbrown3611]

I stopped using the Check Point version with Dynamic Objects and instead implemented the CPDBL.net method

https://www.cpug.org/forums/showthre...ic-block-lists

That is attractive and thank you for pointing it out. We may well take that path if Outgoing traffic were also to be inspected (hopefully is still on the roadmap).