Document Existing Usage for abuse.ch - Githubissues

sidallocation / sidallocation.org

https://sidallocation.org

9 stars 4 forks source link

Document Existing Usage for abuse.ch #4

Open zoomequipd opened 2 years ago

zoomequipd commented 2 years ago

Contact Details

twitter.com/abuse_ch

What organization is using the sid range?

abuse.ch

SID Ranges

I was able to find the following ranges in use as of 2022-01-29

Low End	High End	Url
900505003	900507802	https://feodotracker.abuse.ch/downloads/feodotracker.rules
900605001	900607802	https://feodotracker.abuse.ch/downloads/feodotracker_aggressive.rules
902200000	902204616	https://sslbl.abuse.ch/blacklist/sslblacklist.rules
903200000	903204616	https://sslbl.abuse.ch/blacklist/sslblacklist_tls_cert.rules
904200000	904200022	https://sslbl.abuse.ch/blacklist/sslipblacklist.rules
905200000	905208077	https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.rules
906200000	906200096	https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules
80864327	82877945	https://urlhaus.abuse.ch/downloads/suricata-ids/
90162588	90315707	https://threatfox.abuse.ch/downloads/threatfox_suricata.rules
5012000	5012999	Privately Used

IDS Engine

[X] Snort
[X] Suricata

zoomequipd commented 2 years ago

Created the issue to start tracking the sid ranges in use. I am working with abuse.ch to further document and verify the sid ranges discovered. Once everything has been verified, I'll create a PR.