stamparm / ipsum

Daily feed of bad IPs (with blacklist hit scores)
The Unlicense

Blocking ALL SHODAN census server IPs #3

Closed: infracritical closed this issue 6 years ago

infracritical commented 6 years ago

You should probably include ALL of the SHODAN census servers. There are quite a few of them.

Take a look at the URL here:

https://wiki.ipfire.org/configuration/firewall/blockshodan


Community submitted IP addresses:


Last updated: 2017-12-07

infracritical commented 6 years ago

BTW, I've worked with John Matherly since he created SHODAN back in 2008. Also, I ran a large-scale project that searched for SCADA/ICS devices via/using SHODAN, called "Project SHINE"; "SHINE" means "SHodan INtelligence Extraction". You can read the findings report here:

https://www.slideshare.net/BobRadvanovsky/project-shine-findings-report-dated-1oct2014

infracritical commented 6 years ago

Also, another individual wrote a bash script to update a black list for SHODAN:

https://github.com/romcheckfail/shodan-ip-block-list

stamparm commented 6 years ago

Those IPs are already there. For example, just take a look into https://github.com/stamparm/ipsum/blob/master/levels/4.txt and you'll see the majority of them there.

If you haven't found them in (e.g.) the level 8 list, that's because those are not in >= 8 blacklists.
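An added example, not part of the original thread or the ipsum project's code: a check of which addresses from your own blocklist candidates are covered at a given level, where level N means "listed by at least N blacklists". It assumes the feed is laid out as `#` comment lines followed by `address<TAB>count` rows and that candidates are written as a single address or as `first - last`; the function names and all sample values are constructed.

```python
import ipaddress

# Constructed sample in the assumed feed layout: "#" comment lines,
# then "<IPv4 address><TAB><number of blacklists listing it>".
SAMPLE_FEED = """\
# constructed sample, not real feed data
192.0.2.10\t9
192.0.2.11\t4
198.51.100.7\t2
203.0.113.5\t1
"""

def parse_feed(text):
    """Return {ip_string: hit_count}, skipping comments and malformed rows."""
    hits = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        try:
            hits[str(ipaddress.IPv4Address(parts[0]))] = int(parts[1])
        except (ValueError, IndexError):
            continue  # not an "address count" row
    return hits

def expand(entry):
    """Expand 'a.b.c.d' or 'a.b.c.d - a.b.c.e' into address strings."""
    first, _, last = (p.strip() for p in entry.partition("-"))
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last) if last else lo
    if hi < lo:
        raise ValueError(f"range end before start: {entry!r}")
    return [str(ipaddress.IPv4Address(n)) for n in range(int(lo), int(hi) + 1)]

def coverage(wanted, hits, level):
    """Split wanted addresses into (covered, missing) for the level-N list,
    i.e. addresses listed by at least `level` blacklists."""
    addrs = [ip for entry in wanted for ip in expand(entry)]
    covered = [ip for ip in addrs if hits.get(ip, 0) >= level]
    missing = [ip for ip in addrs if hits.get(ip, 0) < level]
    return covered, missing

if __name__ == "__main__":
    wanted = ["192.0.2.10 - 192.0.2.12", "198.51.100.7"]  # constructed
    feed = parse_feed(SAMPLE_FEED)
    for level in (1, 4, 8):
        cov, miss = coverage(wanted, feed, level)
        print(f"level {level}: {len(cov)} covered, missing {miss}")
```

Addresses reported as missing at the level you deploy are the ones to add to a local supplementary list if you want them blocked regardless of their score.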