Was looking for something else and noticed that SNORT has an explicit rule against .ml domains, automatically flags any DNS query for a .ml domain as “suspicious malware activity”. I know that Meraki by default takes these kinds of rules as “Block this”, and likely other corporate appliances, so there might be people unable to reach lemmy.ml through them. I imagine there’s not many but hey :) The site mentions “No reported false positives” for the rule, might be a good idea to register at least one :)

  • @nutomic@lemmy.mlM
    link
    fedilink
    1011 months ago

    What is this Snort and who is using it? Never heard of Meraki either. Anyway people who are affected by that can just sign up on another instance. And changing domains is not possible with federation.

    • v_perjorative
      link
      fedilink
      1311 months ago

      Snort is intrusion detection software that commonly runs on corporate firewalls. Meraki are corporate WiFi systems made by Cisco. So basically potentially affecting anyone accessing through work resources.

    • @jherazob@beehaw.orgOP
      link
      fedilink
      911 months ago

      Snort is THE Intrusion Detection system, probably the very first one. At some point the company that made it was acquired by Cisco, and of course ended being used by corporate internet appliances and the like. It’s main purpose is to alert admins when something suspicious and unusual is happening, but many times they set them up as “Block anything suspicious”, in this case it’s likely to lead to “A DNS request to a .ml domain? SUSPICIOUS! Block it!”, and you’ll have people saying “Lemmy.ml was off all day! When i went home it came back though” when it was in fact up uninterrupted.

      Just a thing to be aware of, maybe even report to them “Hey! Blocking a whole country TLD is not a good idea!”