
dnsbl.proxybl.org offline?

This morning I got a bunch of calls about all of our websites/portals taking 20+ seconds to load a page.  I jumped on our web server and it was running fine so I logged into the UTM and opened the WAF live log and saw a ton of these for every page request:

DNS lookup for 83.16.168.192.dnsbl.proxybl.org. failed

This is the DNS reputation lookup that we currently have turned on.  It appears that proxybl.org has had its DNS wiped out!

I have temporarily turned off the reputation lookup and things are again running normally.  Just thought I would share in case anyone else is experiencing this.

Dave


This thread was automatically locked due to age.
  • Considering this is the third day it's been down - I wonder if it's down for the count.  I also wonder if Sophos is going to permanently replace it or at least remove it from the list of RBLs?

    At least teched's script provides a nice workaround! - thanks teched!
  • I'd like to hear from Sophos too. Gone for good, no news, no replacement? What's the deal with the blacklists now?
  • Just remove the dead one as listed in this forum.  It's doubtful it's coming back, and even if it is, I wouldn't trust it to remain stable at this point.  The other 2 blacklists should suffice in the absence of proxybl.org.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I'd like to hear from Sophos too
    Keep an eye on Sophos Blog | Security made simple and maybe they'll post something.  This is a user to user forum, not a means of communicating with Sophos.  If proxybl doesn't come back soon, Sophos will remove the listing in a future up2date.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • I know, I wasn't asking for feedback here, we have an open case at Sophos. I think it would be smart to build in a routine to prevent or detect the DNS timeouts, so it won't happen again.
  • What has been the official vendor support analysis and workaround for this situation?
  • I was the one that reported the issue and workaround to Sophos Support.  Following Teched's (your) scripts will correct the issue.

    To date no official response other than "thanks for the info."  I'm sure they have an internal KB article on this their techs use to fix the problem if someone calls in about it.

    CTO, Convergent Information Security Solutions, LLC


  • There are over a hundred other black lists available. 
    It would be nice if, when a blacklist (or other 3rd party resource that the UTM relies on) stops working, the UTM would temporarily disable checks with it until it comes back up.
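The routine suggested in the posts above (detect the DNS timeouts and temporarily disable a list that stops answering), as an added example that is not part of the thread and is not Sophos code. The `resolve` callable, the thresholds, and the second zone name `dnsbl.example.net` are assumptions made for illustration; only `dnsbl.proxybl.org` and the client address come from the log line in the first post.

```python
import ipaddress
import time

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class DnsblChecker:
    """Fail-open reputation check that skips a zone after repeated lookup failures."""

    def __init__(self, zones, resolve, max_failures=3, cooldown=300.0, clock=time.monotonic):
        # Assumed contract for resolve(name): returns the A record as a string,
        # None for NXDOMAIN (not listed), and raises TimeoutError/OSError when the
        # list does not answer. It must enforce its own short timeout.
        self.zones, self.resolve, self.clock = list(zones), resolve, clock
        self.max_failures, self.cooldown = max_failures, cooldown
        self.failures = dict.fromkeys(self.zones, 0)
        self.disabled_until = dict.fromkeys(self.zones, 0.0)

    def is_listed(self, ip):
        listed = False
        for zone in self.zones:
            if self.clock() < self.disabled_until[zone]:
                continue  # zone is in cooldown: no query, no added latency
            try:
                answer = self.resolve(dnsbl_name(ip, zone))
            except OSError:  # TimeoutError is a subclass of OSError
                self.failures[zone] += 1
                if self.failures[zone] >= self.max_failures:
                    self.disabled_until[zone] = self.clock() + self.cooldown
                    self.failures[zone] = 0
                continue  # fail open: an unreachable list never blocks a client
            self.failures[zone] = 0
            if answer is not None and answer.startswith("127."):
                listed = True
        return listed

# Constructed stand-in resolver: proxybl never answers; the placeholder second
# zone lists only the conventional DNSBL test address 127.0.0.2.
def fake_resolve(name):
    if name.endswith(".dnsbl.proxybl.org"):
        raise TimeoutError("no response")
    return "127.0.0.2" if name == "2.0.0.127.dnsbl.example.net" else None

if __name__ == "__main__":
    checker = DnsblChecker(["dnsbl.proxybl.org", "dnsbl.example.net"], fake_resolve)
    for _ in range(4):
        print(checker.is_listed("192.168.16.83"), checker.disabled_until)
```

After the third consecutive failure the dead zone is skipped for the cooldown period, so page requests pay the lookup timeout at most `max_failures` times per cooldown window instead of on every request.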
  • Not a bad idea -- perhaps you should create a feature request over at UTM (Formerly ASG) Feature Requests: Hot (2020 ideas)

    CTO, Convergent Information Security Solutions, LLC


  • And... as predicted, the next up2date (9.308) will remove the dead blacklist from the config, apparently:

    34424 WAF: Client repuation check slow dnsbl.proxybl.org down

    34426 Since few days dnsbl.proxybl.org is not reachable anymore

    CTO, Convergent Information Security Solutions, LLC
