Was looking for something else and noticed that SNORT has an explicit rule against .ml domains: it automatically flags any DNS query for a .ml domain as “suspicious malware activity”. I know that Meraki by default takes these kinds of rules as “Block this”, and likely other corporate appliances do too, so there might be people unable to reach lemmy.ml through them. I imagine there’s not many but hey :) The site mentions “No reported false positives” for the rule, might be a good idea to register at least one :)

  • jherazob@beehaw.org (OP)
    2 years ago

    Snort is THE Intrusion Detection system, probably the very first one. At some point the company that made it was acquired by Cisco, and of course it ended up being used by corporate internet appliances and the like. Its main purpose is to alert admins when something suspicious and unusual is happening, but many times they set them up as “Block anything suspicious”, in this case it’s likely to lead to “A DNS request to a .ml domain? SUSPICIOUS! Block it!”, and you’ll have people saying “Lemmy.ml was off all day! When I went home it came back though” when it was in fact up uninterrupted.

    Just a thing to be aware of, maybe even report to them “Hey! Blocking a whole country TLD is not a good idea!”
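
The effect described in the thread, as an added example that is not part of the original posts and is not Snort's or Meraki's own rule logic: a blanket match on the final label of a DNS query name, evaluated once as an alert-only sensor and once as an appliance that drops on match. The names `flagged_tlds`, `allowlist` and `mode` are assumptions made for illustration, the allowlist is one possible mitigation, and the query packets are constructed sample input.

```python
import struct

def build_query(name, qid=0x1234):
    """Build a minimal DNS A query (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def qname_labels(packet):
    """Return the lower-cased labels of the question name in a DNS query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            return labels
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        label = packet[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length

def evaluate(packet, flagged_tlds, allowlist, mode):
    """Return 'pass', 'alert' or 'drop' for one query.

    mode 'alert' models a sensor that only notifies an admin;
    mode 'block' models an appliance that drops whatever the rule matches.
    """
    labels = qname_labels(packet)
    name = ".".join(labels)
    # Match the last label exactly, so 'ml.example.com' is not a hit.
    if not labels or labels[-1] not in flagged_tlds:
        return "pass"
    # Hypothetical mitigation: exempt known-good names and their subdomains.
    if any(name == a or name.endswith("." + a) for a in allowlist):
        return "pass"
    return "drop" if mode == "block" else "alert"

if __name__ == "__main__":
    for host in ("lemmy.ml", "ml.example.com", "example.com"):
        for mode in ("alert", "block"):
            print(host, mode, evaluate(build_query(host), {"ml"}, set(), mode))
```

In `block` mode the query for lemmy.ml never gets an answer, which is what a user behind the appliance experiences as the site being down.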