blacklist feature & IP addresses

Post by nakedteadrinker »

Can the blacklist feature or the ABE feature be used to block scripts from selected IP addresses? If so, how? If not, would the addition of such a feature be possible, i.e., does NoScript have access to the IP information used by Firefox for a URL?

For example, I would like to consider blocking scripts from the top 50 IP addresses on the stopbadware IP list: http://www.stopbadware.org/reports/ip

(No doubt some may agree and some may disagree with blocking based on the stopbadware IP list; my question is whether it can be done, not whether it is a good or bad idea.)

Post by dhouwn »

You mean blocking of hosts whose domain name resolves to an IP address on a blacklist?

Post by Giorgio Maone »

    Site 1.1.1.1 2.2.2.2 3.3.3.3 4.4.4.4
    Deny

You can also specify subnets, like

    Site 192.168

or

    Site 192.168.0.0/24

Post by nakedteadrinker »

@ Giorgio Maone

Thank you for the info. Given such a method, here is the source of what may be an excellent blacklist for NoScript:

Top 20 Malicious Autonomous Systems for [current date]: http://maliciousnetworks.org/index.php
Malicious Host Information for [asn example]: http://maliciousnetworks.org/ipinfo.php?as=21844
The "exploit server" IP addresses listed are the servers of the actual driveby downloads, not mere compromised webpage victims: http://maliciousnetworks.org/info.php
Here is what security researcher Krebs has to say about the above system (see "PLAYING WITH FIRE" section): http://krebsonsecurity.com/2010/03/nami ... -bad-isps/

The above is surely not a full malware solution, but it could lower the attack surface, even if only the (~400) exploit servers of the 20 worst ASNs are blocked. (A bypass option for ABE could allow people to proceed, if people are worried about false positives.)
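As an added example (not part of the thread, and not NoScript's own code), here is one way to turn a downloaded IP blocklist into the `Site ... / Deny` rule form shown above. It assumes a one-entry-per-line IPv4 list; the sample entries, the function names and the `/16` safety limit are constructed for illustration.

```python
import ipaddress

# Constructed sample input using RFC 5737 documentation ranges (not a real blocklist).
SAMPLE_LIST = """\
# exploit servers (constructed)
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
203.0.113.7   # duplicate below
203.0.113.7
0.0.0.0/0
not-an-ip
"""

def parse_blocklist(text, min_prefix=16):
    """Return (networks, rejected) for one-entry-per-line text.

    min_prefix is an assumed safety limit: anything broader than /16 is
    rejected so a bad list entry cannot deny a huge address range.
    """
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        try:
            # strict=True refuses entries with host bits set (e.g. 192.0.2.1/24)
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen < min_prefix:
            rejected.append(entry)
        else:
            networks.append(net)
    return networks, rejected

def abe_rule(networks):
    """Build a Site/Deny rule, merging duplicates and adjacent ranges."""
    merged = list(ipaddress.collapse_addresses(networks))
    if not merged:
        raise ValueError("no valid entries; refusing to emit an empty Site line")
    # Single hosts are written as bare addresses, ranges in CIDR form.
    sites = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in merged]
    return "Site " + " ".join(sites) + "\nDeny"

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_LIST)
    print(abe_rule(nets))
    print("rejected:", bad)
```

Review the rejected entries before pasting the generated rule into ABE, since a list that changes format will otherwise fail silently.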