IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset
, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
IP | DNS lookup | Number of (black)lists |
---|---|---|
218.92.0.218 | - | 9 |
218.92.0.223 | - | 9 |
218.92.0.226 | - | 9 |
218.92.0.227 | - | 9 |
218.92.0.230 | - | 9 |
218.92.0.232 | - | 9 |
218.92.0.233 | - | 9 |
37.44.238.68 | ssd5-5196.9995 | 8 |
45.148.10.203 | - | 8 |
79.137.202.88 | flippant-love.aeza.network | 8 |
218.92.0.111 | - | 8 |
218.92.0.198 | - | 8 |
218.92.0.216 | - | 8 |
218.92.0.217 | - | 8 |
218.92.0.219 | - | 8 |
218.92.0.220 | - | 8 |
218.92.0.221 | - | 8 |
218.92.0.222 | - | 8 |
218.92.0.225 | - | 8 |
218.92.0.228 | - | 8 |
218.92.0.229 | - | 8 |
218.92.0.231 | - | 8 |
218.92.0.235 | - | 8 |
218.92.0.236 | - | 8 |
218.92.0.237 | - | 8 |
195.178.110.6 | - | 8 |
203.81.86.34 | - | 8 |
47.236.115.10 | - | 8 |
2.57.122.32 | - | 7 |
2.57.122.33 | - | 7 |
45.148.10.46 | - | 7 |
92.255.85.188 | - | 7 |
92.255.85.189 | - | 7 |
141.98.10.198 | 1rja.talonted.eu.com | 7 |
157.230.83.38 | - | 7 |
162.142.125.212 | scanner-05.ch1.censys-scanner.com | 7 |
178.160.195.60 | - | 7 |
202.95.12.147 | - | 7 |
218.92.0.112 | - | 7 |
218.92.0.114 | - | 7 |
103.164.9.147 | - | 7 |
14.103.165.154 | - | 7 |
182.215.66.232 | - | 7 |
36.138.238.230 | - | 7 |
47.237.24.160 | - | 7 |