====== Notes ======

During 2022, Infoblox's RPZ feeds included 32M unique indicators from original intelligence and had a reported false positive, negative impact rate of 0.00015%.

Infoblox gets early access to vulnerability information before it is published. That means Infoblox has time to patch and test fixes before the public is aware of the vulnerability.

===== Colour =====

Infoblox Green hex colour code: [[https://color-hex.org/color/0ab548|#0ab548]]

The closest Pantone match is 354C.

===== Lessons =====

==== NTP Issue ====

Customers using DNS security policies can block malware IP addresses, DoT/DoH IP addresses and also Tor exit node IP addresses.

A customer once found that NTP servers from pool.ntp.org were being blocked by the DoH RPZ feed, based on the IP address returned in the DNS answer. They reported this as a false positive.

It turns out that several servers in pool.ntp.org use IP addresses that are (correctly) associated with services like DoT/DoH, Tor exit nodes, botnets, etc., so they are legitimate targets to block. In this case, an ISP had decided to run a public DoH server on the same IP as a public NTP server that was in the pool.ntp.org pool.

Members of pool.ntp.org, checked in TIDE in Feb 2023:

  * 66.228.58[.]20 - TOR exit node
  * 207.244.103[.]95 - DHS NCCIC Watchlist
  * 138.236.128[.]36 - botnet location
  * 139.99.222[.]72 - DoH server
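
When a block like this is reported as a false positive, a quick check is to compare the addresses a name resolved to against the feed's response-IP triggers. The sketch below is an added example, not Infoblox code: it assumes the feed is available as standard RPZ ''rpz-ip'' owner names (IPv4 only), the function names are hypothetical, and the sample triggers and answers are constructed from documentation address ranges.

```python
import ipaddress

def refang(ip):
    """Undo the '[.]' defanging used in written notes."""
    return ip.replace("[.]", ".")

def parse_rpz_ip(owner):
    """Turn an IPv4 RPZ response-IP owner name into a network.

    Encoding: <prefixlen>.<o4>.<o3>.<o2>.<o1>.rpz-ip[.<zone>]
    """
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) < 6 or labels[5] != "rpz-ip":
        raise ValueError(f"not an IPv4 rpz-ip trigger: {owner}")
    address = ".".join(labels[4:0:-1])  # octets are stored reversed
    return ipaddress.ip_network(f"{address}/{labels[0]}", strict=False)

def blocked_answers(answers, triggers):
    """Map each answer IP that hits a trigger to the feed labels that matched."""
    nets = [(parse_rpz_ip(owner), label) for owner, label in triggers]
    hits = {}
    for raw in answers:
        ip = ipaddress.ip_address(refang(raw))
        labels = [label for net, label in nets if ip in net]
        if labels:
            hits[str(ip)] = labels
    return hits

# Constructed sample data (documentation address ranges, not real feed content).
SAMPLE_TRIGGERS = [
    ("32.10.2.0.192.rpz-ip", "DoH server"),
    ("24.0.100.51.198.rpz-ip", "Tor exit node"),
]
# Constructed stand-in for the A records returned for a pool name.
SAMPLE_POOL_ANSWERS = ["192.0.2.10", "198.51.100[.]77", "203.0.113.5"]

if __name__ == "__main__":
    for ip, labels in blocked_answers(SAMPLE_POOL_ANSWERS, SAMPLE_TRIGGERS).items():
        print(f"{ip} would be blocked: {', '.join(labels)}")
```

A hit here means the block came from the address in the answer rather than from the queried name, which is the situation described in the NTP lesson above.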