Made a new BS List for ZTNA / Mesh / Overlay domains and URLs to block and hunt.
-
Made a new BS List for ZTNA / Mesh / Overlay domains and URLs to block and hunt. Many are poorly categorized by firewall and proxy vendors. Most have a free tier. For the self hosting you’ll need to dig further into the project docs.
.enclave.io/
.firezone.dev/
.headscale.net/
.husarnet.com/
.netbird.io/
.netmaker.io/
.openziti.io/
.tailscale.com/
.twingate.com/
.zerotier.com/
.github.com/easytier/
.github.com/slackhq/nebula/
.github.com/juanfont/headscale/
.github.com/webmeshproj/https://github.com/BadSamuraiDev/bs-lists/blob/main/ztna-mesh-overlay.txt
-
Made a new BS List for ZTNA / Mesh / Overlay domains and URLs to block and hunt. Many are poorly categorized by firewall and proxy vendors. Most have a free tier. For the self hosting you’ll need to dig further into the project docs.
.enclave.io/
.firezone.dev/
.headscale.net/
.husarnet.com/
.netbird.io/
.netmaker.io/
.openziti.io/
.tailscale.com/
.twingate.com/
.zerotier.com/
.github.com/easytier/
.github.com/slackhq/nebula/
.github.com/juanfont/headscale/
.github.com/webmeshproj/https://github.com/BadSamuraiDev/bs-lists/blob/main/ztna-mesh-overlay.txt
@badsamurai what's the idea behind blocking/warning on these domains? server can be compromised and use the services' mesh VPN to connect to attacker servers or what?
-
@badsamurai what's the idea behind blocking/warning on these domains? server can be compromised and use the services' mesh VPN to connect to attacker servers or what?
@xinayder yep. And inside threat of the negligence variety.
Of course I’m speaking to enterprises and organizations. if this is your own home or small business there are super valid reasons using this software.
-
R relay@relay.infosec.exchange shared this topic
