Thanks Ruben. I ran that and we already had something like 90% of those addresses in the blocking table. I added the rest. That may help a little. We'll have to run it periodically.
- Brian
On Fri, May 25, 2018 at 08:31:55AM +0000, Ruben ON3RVH wrote:
Opt-out forms are indeed a gigantic waste of time. That's been proven a lot. For a list of Shodan IPs that is maintained, you can check out https://isc.sans.edu/api/threatlist/shodan?json ; they update that list daily. The list is in JSON format; a simple script can translate that into a text file, like the line below:

    curl -s "https://isc.sans.edu/api/threatlist/shodan?json" | jq '.[] | {ipv4}' | grep ':' | awk '{ print $2 }' | tr -d '"'

Also check out https://isc.sans.edu/forums/diary/Using+Our+API+To+Adjust+iptables+Rules/231... for some info on how to incorporate that into iptables. A simple script can also be made for MikroTik, or you can use a central BGP router on Linux (like exabgp/quagga/frr/...) which sends those IPs to its peers, which can then blackhole the traffic from those IPs.
73,
Ruben - ON3RVH
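
An added example, not part of either message above: since the list has to be re-imported periodically, this sketch validates each feed entry before it reaches a firewall table, so a malformed or internal address in the download cannot end up in a rule. The feed shape (an array of objects with an "ipv4" key) is inferred from the jq filter quoted above; the protected networks, the set name "shodan-scanners" and the choice of ipset as the target are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape the jq filter above implies; not real feed data.
SAMPLE_FEED = json.dumps([
    {"ipv4": "198.51.100.7"},
    {"ipv4": "198.51.100.7"},       # duplicate entry
    {"ipv4": "203.0.113.25 "},      # stray whitespace
    {"ipv4": "10.0.0.5"},           # internal address: blocking it would hurt us
    {"ipv4": "0.0.0.0/0"},          # a network, not a single host
    {"ipv4": "1.2.3.4; reboot"},    # garbage that must never reach a shell
    {"ipv4": None},
    {"other": "x"},
])

# Assumption: networks that must never be blocked, whatever the feed says.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_feed(raw, protected=PROTECTED):
    """Return (sorted unique addresses, [(bad value, reason), ...])."""
    accepted, rejected = set(), []
    for entry in json.loads(raw):
        value = entry.get("ipv4") if isinstance(entry, dict) else None
        try:
            if not isinstance(value, str):
                raise ValueError("missing ipv4 field")
            # Strict parse: rejects prefixes, hostnames and trailing junk.
            addr = ipaddress.IPv4Address(value.strip())
            if any(addr in net for net in protected):
                raise ValueError("inside a protected network")
        except ValueError as exc:
            rejected.append((value, str(exc)))
            continue
        accepted.add(addr)
    return sorted(accepted), rejected


def ipset_restore_lines(addrs, set_name="shodan-scanners"):
    """Build input for `ipset restore`; set_name is a hypothetical name."""
    return ([f"create {set_name} hash:ip family inet"]
            + [f"add {set_name} {a}" for a in addrs])


if __name__ == "__main__":
    good, bad = parse_feed(SAMPLE_FEED)
    print("\n".join(ipset_restore_lines(good)))
    for value, reason in bad:
        print(f"# skipped {value!r}: {reason}")
```

Logging the skipped entries on each periodic run also shows when the feed format changes, instead of the block list silently shrinking.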