We had a scare on our network today where we thought we might have had a PC with a CryptoLocker infection that, THANKFULLY, turned out to be only the Homeland Security virus and only on one PC. That got me thinking of something that never really crossed my mind before, though.
In my ASA I have a rule that blocks all access to & from various IP addresses that we have deemed to be problematic. What I am wondering, though, is if anyone is maintaining and/or using a public list of toxic IP addresses to block access to/from sites that are virus/malware infection or hacking sources, but doing it at the firewall/router level instead of the antivirus software level? We use a mail relay server with MailScanner with SpamAssassin to check several DNSBLs for spam, but I am looking to do the same on the firewall level based on network address.
Thoughts? Recommendations?