Become an AceSign inSign up
stamparm/ ipsum
iptables Security ipset
View on GitHub
Need help with ipsum?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

stamparm
556 Stars 76 Forks The Unlicense 1 Commits 2 Opened issues

Description

Daily feed of bad IPs (with blacklist hit scores)

Services available

!
?

Need anything else?

Contributors list

Miroslav Stampar stamparm
# 241
Python
Shell
Perl
vulnera...
 1 commit

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with 

ipset
, you can do the following: 
sudo su
apt -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2021-02-03)

|IP|DNS lookup|Number of (black)lists| |---|---|--:| 51.77.135.89|ns31066279.ip-51-77-135.eu|10 171.25.193.78|tor-exit4-readme.dfri.se|9 171.25.193.20|tor-exit0-readme.dfri.se|9 23.129.64.227|-|8 185.220.102.248|tor-exit-relay-2.anonymizing-proxy.digitalcourage.de|8 185.220.102.249|tor-exit-relay-3.anonymizing-proxy.digitalcourage.de|8 185.220.102.6|185-220-102-6.torservers.net|8 178.165.72.177|178-165-72-177-kh.maxnet.ua|8 185.56.80.65|onion.xor.sc|8 62.102.148.69|-|8 81.161.63.103|-|8 185.191.124.151|-|8 91.192.103.11|-|8 185.220.101.8|-|8 185.220.101.24|-|8 171.25.193.25|tor-exit5-readme.dfri.se|8 185.220.102.251|tor-exit-relay-5.anonymizing-proxy.digitalcourage.de|8 185.220.101.197|-|8 185.220.102.250|tor-exit-relay-4.anonymizing-proxy.digitalcourage.de|8 185.220.101.205|-|8 185.220.100.241|tor-exit-14.zbau.f3netze.de|7 185.213.155.169|-|7 206.189.99.34|-|7 185.220.102.244|185-220-102-244.torservers.net|7 185.220.102.245|185-220-102-245.torservers.net|7 185.220.102.242|185-220-102-242.torservers.net|7 185.220.102.243|185-220-102-243.torservers.net|7 162.247.74.74|wiebe.tor-exit.calyxinstitute.org|7 206.189.100.34|-|7 94.142.241.194|tor-exit.vrij-heid.nl|7 178.20.55.18|marcuse-2.nos-oignons.net|7 104.248.194.130|-|7 192.42.116.16|tor-exit.hartvoorinternetvrijheid.nl|7 185.220.101.218|-|7 174.138.12.116|-|7 185.220.101.193|-|7 185.117.119.189|unknowhekker.example.com|7 162.247.74.27|turing.tor-exit.calyxinstitute.org|7 162.247.74.217|perry.fellwock.tor-exit.calyxinstitute.org|7 45.148.10.54|edc75.howacc.pro|7 80.67.172.162|algrothendieck.nos-oignons.net|7 62.102.148.68|-|7 89.248.167.131|mason.census.shodan.io|7 185.220.100.247|tor-exit-8.zbau.f3netze.de|7 195.206.105.217|zrh-exit.privateinternetaccess.com|7 51.158.111.157|157-111-158-51.instances.scw.cloud|7 104.244.74.57|tor1.panhu.xyz|7 185.220.102.246|185-220-102-246.torservers.net|7 51.210.80.127|tor-exit-fr.letztermensch.com|7 185.191.124.153|-|7 185.191.124.152|-|7 91.192.103.15|-|7 91.192.103.16|-|7 91.192.103.17|-|7 171.25.193.77|tor-exit1-readme.dfri.se|7 185.220.101.9|-|7 185.220.101.1|-|7 185.170.114.25|this-is-a-tor-node---10.artikel5ev.de|7 185.220.101.22|-|7 104.248.204.226|-|7 185.220.102.4|communityexit.torservers.net|7 93.174.95.106|battery.census.shodan.io|7 185.220.103.10|judifeingold.tor-exit.calyxinstitute.org|7 188.166.53.163|-|7 185.220.102.254|tor-exit-relay-8.anonymizing-proxy.digitalcourage.de|7 185.220.102.253|tor-exit-relay-7.anonymizing-proxy.digitalcourage.de|7 64.113.32.29|tor.t-3.net|7 91.192.103.25|-|7 91.192.103.24|-|7 185.220.101.198|-|7 185.220.101.194|-|7 185.220.101.207|-|7 185.220.101.202|-|7 162.247.73.192|-|7 62.210.105.116|62-210-105-116.rev.poneytelecom.eu|7 185.220.101.208|-|7 185.220.101.204|-|7 185.220.101.200|-|7

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.