mlsecproject / combine

Tool to gather Threat Intelligence indicators from publicly available sources
https://www.mlsecproject.org/
GNU General Public License v3.0

New inbound feed: Perimeter Bad #57

Closed krmaxwell closed 10 years ago

krmaxwell commented 10 years ago

https://www.packetmail.net/iprep_perimeterbad.txt

alexcpsec commented 10 years ago

Mixed feelings, because it actually reports on an URL and singles out the IP address. Might be good on a "URL" entity type in the future, I think.

Why do you like it?

alexcpsec commented 10 years ago

Apart from the fact that the PacketMail guys are awesome? :wink:

krmaxwell commented 10 years ago

The URL isn't the part we're interested in, actually. I mean, it is interesting, but not for this project at this time. But the remote IP address that attempted to access the URL is interesting for Combine purposes.

alexcpsec commented 10 years ago

Of course. I need more :coffee: .

norwayfinland commented 10 years ago

One of the issues with this feed is that it may or may not indicate nefarious activity, so without the URL context it's difficult to determine an errant link/request from one that is hostile. For example, the folks scanning for open EK panels and/or other issues versus someone accessing "iprep_perimeterbad.tx" (note the missing 't'). What is fairly unique in some basic sampling is that this is a unique data source that can overlap with community and private feeds but can also be a singular source as well.

Cheers, Nathan

norwayfinland commented 9 years ago

As of Feb 16 2015 this feed is no longer active/enabled:

https://www.packetmail.net/iprep_perimeterbad.txt

Thanks and apologies for any headaches.