On Sun, Apr 30, 2017 at 5:31 AM, Marc monsieurmarc@btinternet.com wrote:

Maybe we should start sharing block lists.

Marc,

HamWAN has a public blacklist system. Feel free to subscribe to it. It does not publish a full list, but rather sends addresses one by one, instantly*, as they are blocked.

*It takes about 1.5 seconds for report of a hack attempt to propagate to our logging system, pass analysis, and be published to our edge routers' firewall.

Here is the code behind the system (including a Mikrotik script you can use to subscribe): https://github.com/kd7lxl/blacklist-service

Anything blocked by the HamWAN network will be published here: http://monitoring.hamwan.net/blacklist

If it seems like it's not responding, that's normal. It is an HTTP longpoll service, so it will hang until there is data to be published, then that data is sent immediately. This mechanism allows pushing data (in this case, a blacklisted address) to a Mikrotik router without having to store admin credentials of that router on the blacklist system. Since it uses a standard protocol, it can be adapted for other platforms.

Tom KD7LXL