Thanks Ruben. I ran that and we already had something like 90%
of those addresses in the blocking table. I added the rest.
That may help a little. We'll have to run it periodically.
- Brian
On Fri, May 25, 2018 at 08:31:55AM +0000, Ruben ON3RVH wrote:
Opt-out forms are indeed a gigantic waste of time.
That's been proven a lot.
For a list of Shodan IPs that is maintained, you can check out
https://isc.sans.edu/api/threatlist/shodan?json ; they update that list daily.
The list is in JSON format; a simple script can translate that into a text file, like the
line below.
--
# Fetch the list and print one IPv4 address per line
curl -s 'https://isc.sans.edu/api/threatlist/shodan?json' | jq '.[] | {ipv4}' |
  grep ':' | awk '{ print $2 }' | tr -d '"'
--
Also check out
https://isc.sans.edu/forums/diary/Using+Our+API+To+Adjust+iptables+Rules/23… for some
info on how to incorporate that into iptables.
A simple script can also be made for MikroTik, or you can use a central BGP router on
Linux (like exabgp/quagga/frr/...) which sends those IPs to its peers, which can
then blackhole the traffic from those IPs.
73,
Ruben - ON3RVH
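
An added example, not part of either message above: the periodic update Brian describes, written in Python rather than as the jq pipeline, so that every feed value is validated as an IPv4 address before it gets near a firewall command and only addresses missing from the blocking table are emitted. The set name `shodan`, the `never_block` list and the sample feed are assumptions constructed for illustration; the feed shape (a JSON array of objects with an `ipv4` field) is inferred from Ruben's jq filter.

```python
import ipaddress
import json

# Constructed sample (documentation address ranges), not real feed data.
SAMPLE_FEED = """[
  {"ipv4": "198.51.100.7"},
  {"ipv4": "198.51.100.7"},
  {"ipv4": "203.0.113.25"},
  {"ipv4": "192.0.2.1; reboot"},
  {"ipv4": "10.0.0.5"},
  {"other": "no address here"}
]"""


def parse_feed(text, never_block=()):
    """Return the set of valid IPv4 addresses in the feed, minus protected networks."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    addrs = set()
    for entry in json.loads(text):
        raw = entry.get("ipv4") if isinstance(entry, dict) else None
        if not isinstance(raw, str):
            continue  # entry without a usable ipv4 field
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            continue  # malformed value: drop it, never pass it on
        if not any(ip in net for net in protected):
            addrs.add(ip)  # the set also removes duplicates
    return addrs


def new_entries(feed_addrs, already_blocked):
    """Addresses in the feed that are not yet in the blocking table, sorted."""
    blocked = {ipaddress.IPv4Address(a) for a in already_blocked}
    return sorted(feed_addrs - blocked)


def ipset_lines(addrs, set_name="shodan"):
    """Render 'add' lines in the format read by `ipset restore`."""
    return [f"add {set_name} {ip}" for ip in addrs]


if __name__ == "__main__":
    current_table = ["198.51.100.7"]  # constructed: what is blocked already
    feed = parse_feed(SAMPLE_FEED, never_block=["10.0.0.0/8"])
    for line in ipset_lines(new_entries(feed, current_table)):
        print(line)
```

The `never_block` list keeps a bad or tampered feed entry from blocking your own address space on the next scheduled run.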