Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.os.linux.security > #753 > unrolled thread

current public ip blocklists

Started bySupratim Sanyal <supratim@riseupdeleteme.net>
First post2022-03-06 00:00 -0500
Last post2022-06-08 00:07 -0400
Articles 6 — 4 participants

Back to article view | Back to comp.os.linux.security


Contents

  current public ip blocklists Supratim Sanyal <supratim@riseupdeleteme.net> - 2022-03-06 00:00 -0500
    Re: current public ip blocklists Grant Taylor <gtaylor@tnetconsulting.net> - 2022-03-05 22:56 -0700
      Re: current public ip blocklists Allodoxaphobia <trepidation@example.net> - 2022-05-24 13:32 +0000
        Re: current public ip blocklists Supratim Sanyal <supratim@riseupdeleteme.net> - 2022-06-08 00:11 -0400
          Re: current public ip blocklists rek2 hispagatos <rek2@hispagatos.org.invalid> - 2022-07-08 14:56 +0000
      Re: current public ip blocklists Supratim Sanyal <supratim@riseupdeleteme.net> - 2022-06-08 00:07 -0400

#753 — current public ip blocklists

FromSupratim Sanyal <supratim@riseupdeleteme.net>
Date2022-03-06 00:00 -0500
Subjectcurrent public ip blocklists
Message-ID<t01f6a$6k5$1@gioia.aioe.org>
I am currently maintaining the following IP blocklists based on 
brute-force attacks. Maybe useful to folks usimg pfBlockerNG on pfSense, 
pihole, etc.

http://sanyalnet-cloud-vps.freeddns.org/blocklist.txt
http://sanyalnet-cloud-vps2.freeddns.org/blocklist.txt
http://sanyalnet-cloud-vps3.freeddns.org/blocklist.txt
http://sanyalnet-cloud-vps4.duckdns.org/blocklist.txt
http://impvax.duckdns.org/blocklist.txt
http://hecnet-us-east-gw.duckdns.org/blocklist.txt

(the last two are currently the same server for now).

thanks.

[toc] | [next] | [standalone]


#754

FromGrant Taylor <gtaylor@tnetconsulting.net>
Date2022-03-05 22:56 -0700
Message-ID<t01idh$epm$1@tncsrv09.home.tnetconsulting.net>
In reply to#753
On 3/5/22 10:00 PM, Supratim Sanyal wrote:
> I am currently maintaining the following IP blocklists

I'm curious why you have multiple different lists.

I would think that you would have the systems linked so that they can 
share IPs and block sources that have attacked other systems.



-- 
Grant. . . .
unix || die

[toc] | [prev] | [next] | [standalone]


#756

FromAllodoxaphobia <trepidation@example.net>
Date2022-05-24 13:32 +0000
Message-ID<slrnt8pni4.2tsc.trepidation@vps.jonz.net>
In reply to#754
On Sat, 5 Mar 2022 22:56:22 -0700, Grant Taylor wrote:
> On 3/5/22 10:00 PM, Supratim Sanyal wrote:
>> I am currently maintaining the following IP blocklists
>
> I'm curious why you have multiple different lists.
>
> I would think that you would have the systems linked so that they can 
> share IPs and block sources that have attacked other systems.

I was hoping to see some discuss here.
I currently get a list of Bad Actors from

	https://github.com/stamparm/ipsum

  to use as an addendum to the CIDRs I generate from my own pflog 
for my VPS.

Jonesy
-- 
  Marvin L Jones    | Marvin      | W3DHJ.net  | linux
   38.238N 104.547W |  @ jonz.net | Jonesy     |  FreeBSD
    * Killfiling google & XXXXbanter.com: jonz.net/ng.htm

[toc] | [prev] | [next] | [standalone]


#758

FromSupratim Sanyal <supratim@riseupdeleteme.net>
Date2022-06-08 00:11 -0400
Message-ID<t7p7ht$1mt3$1@gioia.aioe.org>
In reply to#756
On 5/24/22 9:32 AM, Allodoxaphobia wrote:
> I currently get a list of Bad Actors from
> 
> 	https://github.com/stamparm/ipsum

great lists; will use them. thanks.

[toc] | [prev] | [next] | [standalone]


#759

Fromrek2 hispagatos <rek2@hispagatos.org.invalid>
Date2022-07-08 14:56 +0000
Message-ID<ta9gj6$o976$1@dont-email.me>
In reply to#758
Interesting.

On 2022-06-08, Supratim Sanyal <supratim@riseupdeleteme.net> wrote:
> On 5/24/22 9:32 AM, Allodoxaphobia wrote:
>> I currently get a list of Bad Actors from
>> 
>> 	https://github.com/stamparm/ipsum
>
> great lists; will use them. thanks.


-- 
gemini://hispagatos.org
gemini://rek2.hispagatos.org
https://hispagatos.org
https://hispagatos.space/@rek2

[toc] | [prev] | [next] | [standalone]


#757

FromSupratim Sanyal <supratim@riseupdeleteme.net>
Date2022-06-08 00:07 -0400
Message-ID<t7p7a7$1j0h$1@gioia.aioe.org>
In reply to#754
On 3/6/22 12:56 AM, Grant Taylor wrote:
> On 3/5/22 10:00 PM, Supratim Sanyal wrote:
>> I am currently maintaining the following IP blocklists
> 
> I'm curious why you have multiple different lists.
> 
> I would think that you would have the systems linked so that they can 
> share IPs and block sources that have attacked other systems.

they are also reported to blocklist.de and abuseipd; all boxes use 
blocklist.de's list, so the ips are shared indirectly ...

[toc] | [prev] | [standalone]


Back to top | Article view | comp.os.linux.security


csiph-web