infoblox:notes
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| infoblox:notes [2023/04/06 13:25] – bstafford | infoblox:notes [2023/04/17 08:21] (current) – bstafford | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| Infoblox gets early access to vulnerability information before it is published. That means Infoblox have time to patch and test fixes before the public are aware of the vulnerability. | Infoblox gets early access to vulnerability information before it is published. That means Infoblox have time to patch and test fixes before the public are aware of the vulnerability. | ||
| + | |||
| + | ===== Colour ===== | ||
| + | Infoblox Green | ||
| + | |||
| + | Hex Color Codes [[https:// | ||
| + | |||
| + | Closest pantone match is 354C | ||
| + | |||
| + | |||
| + | ===== Lessons ===== | ||
| + | ==== NTP Issue==== | ||
| + | Customers using DNS security policies can block malware IP addresses, DoT/DoH IP addresses and also TOR Exit Node IP addresses. A customer once found that NTP servers from pool.ntp.org were being blocked based on returned IP by the DoH RPZ Feed. They reported this as a false positive. It turns out that there are several servers in pool.ntp.org that use IP addresses associated (correctly) with services like DoT/DoH, Tor Exit Node, Botnets, etc. And so they are legitimate targets to block. In this case, an ISP had decided to run a public DoH server on the same IP as a public NTP server that was in the pool.ntp.org pool. | ||
| + | |||
| + | Members of pool.ntp.org - Checked in TIDE in Feb 2023 | ||
| + | * 66.228.58[.]20 - TOR exit node | ||
| + | * 207.244.103[.]95 - DHS NCCIC Watchlist | ||
| + | * 138.236.128[.]36 - botnet location | ||
| + | * 139.99.222[.]72 - DoH server | ||
infoblox/notes.1680787514.txt.gz · Last modified: by bstafford