Closed krmaxwell closed 10 years ago
Mixed feelings, because it actually reports on an URL and singles out the IP address. Might be good on a "URL" entity type in the future, I think.
Why do you like it?
Apart from the fact that the PacketMail guys are awesome? :wink:
The URL isn't the part we're interested in, actually. I mean, it is interesting, but not for this project at this time. But the remote IP address that attempted to access the URL is interesting for Combine purposes.
Of course. I need more :coffee: .
One of the issues with this feed is that is may or may not indicate nefarious activity so without the URL context it's difficult to determine an errant link/request from one that is hostile. For example, the folks scanning for open EK panels and/or other issues versus someone accessing "iprep_perimeterbad.tx" (note the missing 't'). What is fairly unique in some basic sampling is that this is a unique data source that can overlap with community and private feeds but can also be a singular source as well.
Cheers, Nathan
As of Feb 16 2015 this feed is no longer active/enabled:
https://www.packetmail.net/iprep_perimeterbad.txt
Thanks and apologies for any headaches.a
https://www.packetmail.net/iprep_perimeterbad.txt