comparisons are now made using the COMMON IPs mode, which is 20+ times faster than mode COMBINE

Costa Tsaousis (ktsaou) 2015-06-11 01:30:30 +03:00
parent 30c37b32da
commit b62a017d8f

@ -2401,6 +2401,25 @@ update dragon_http $[24*60] 0 ipv4 both \
"[Dragon Search Group](http://www.dragonresearchgroup.org/) IPs that have been seen sending HTTP requests to Dragon Research Pods in the last 7 days. This report lists hosts that are highly suspicious and are likely conducting malicious HTTP attacks. LEGITIMATE SEARCH ENGINE BOTS MAY BE IN THIS LIST. This report is informational. It is not a blacklist, but some operators may choose to use it to help protect their networks and hosts in the forms of automated reporting and mitigation services."
# -----------------------------------------------------------------------------
# Nothink.org
update nt_ssh_7d 60 0 ipv4 ip \
"http://www.nothink.org/blacklist/blacklist_ssh_week.txt" \
remove_comments \
"[No Think](http://www.nothink.org/) Last 7 days SSH attacks"
update nt_malware_irc 60 0 ipv4 ip \
"http://www.nothink.org/blacklist/blacklist_malware_irc.txt" \
remove_comments \
"[No Think](http://www.nothink.org/) Malware IRC"
update nt_malware_http 60 0 ipv4 ip \
"http://www.nothink.org/blacklist/blacklist_malware_http.txt" \
remove_comments \
"[No Think](http://www.nothink.org/) Malware HTTP"
# -----------------------------------------------------------------------------
# iBlocklist
# https://www.iblocklist.com/lists.php
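Review bot: the three new Nothink entries (`nt_ssh_7d`, `nt_malware_irc`, `nt_malware_http`) download their lists over plain `http://www.nothink.org/...`, so the contents can be altered in transit before they end up in an ipset that operators may use for blocking. If the server offers HTTPS, use it for these URLs. The info strings "Malware IRC" and "Malware HTTP" are also too terse compared with the dragon_http description just above: state whether the listed IPs are infected clients or the servers the malware talks to, since that decides whether the set belongs on inbound or outbound rules.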
@ -2639,17 +2658,13 @@ merge firehol_anonymous "**FireHOL Anonymous** - Known anonymizing IPs." \
firehol_proxies anonymous bm_tor dm_tor tor_exits
# -----------------------------------------------------------------------------
# TODO
#
# add sets
# - http://www.nothink.org/blacklist/blacklist_ssh_week.txt
# - http://www.nothink.org/blacklist/blacklist_malware_irc.txt
# - http://www.nothink.org/blacklist/blacklist_malware_http.txt
# - http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 # 16 hours history of tor exit points
# - http://www.ipdeny.com/ipblocks/ geo country db for ipv6
# - maxmind city geodb
# - http://antispam.imp.ch/spamlist
# - https://github.com/Blueliv/api-python-sdk/wiki/Blueliv-REST-API-Documentation
#
# user specific features
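Review bot: the commit message mentions only the move of comparisons to the COMMON IPs mode, while the TODO "add sets" block here shrinks (17 lines to 13 per the hunk header) because the nothink.org feeds were implemented in the hunk above. Mention the new feeds in the commit message or put them in their own commit, so the history shows when these lists started being downloaded.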