September 9, 2021

Do you use blacklists / IP threat intelligence and are they helpful?

I have a couple of virtual machines I use for various purposes. I’m not too worried about getting breached as there is nothing sensitive. I use Fail2ban and it is definitely helpful. But I have been pondering using some sort of IP blacklist / threat intelligence source to block these known malicious addresses. Some that I came across are:

– https://www.greynoise.io/
– https://dnschecker.org/ip-blacklist-checker.php
– https://github.com/stamparm/ipsum
– https://www.projecthoneypot.org
– http://www.blocklist.de/en/index.html
– https://www.talosintelligence.com/reputation
– https://www.spamhaus.org/
– https://mxtoolbox.com/

I was thinking I can create some scripts to set blacklists in ipset, Nginx, ModSecurity, etc. I realize some of these sources don’t give a dump of their data and can only be queried, or you have to pay some large amount to access their data dump.

Do folks use these blacklist sources and are they even helpful to use? At the end of the day IPs are simply addresses and the state can change constantly, so perhaps using blacklists isn’t the best solution? How do you folks manage and filter your network access? Just curious…
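
The scripting idea raised in the post (feed entries loaded into ipset), as an added example that is not part of the original post: it filters a downloaded feed by hit count, drops malformed and never-block entries, and emits `ipset restore` input that swaps a fresh set in atomically with expiring entries. The feed layout (address, tab, hit count, as assumed for stamparm/ipsum), the set name `feedblock`, the threshold and the timeout are assumptions.

```python
import ipaddress

# Constructed sample (documentation addresses); assumed layout "<ip><TAB><hits>".
SAMPLE_FEED = "# constructed sample\n203.0.113.7\t9\n198.51.100.23\t4\n192.0.2.55\t1\n10.1.2.3\t8\nnot-an-ip\t7\n203.0.113.7\t9\n"

# Ranges that must never end up in a block set, whatever a feed says.
NEVER_BLOCK = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")

def parse_feed(text, min_hits=3, allow=()):
    """Return sorted, unique IPv4 addresses listed by at least min_hits sources."""
    skip = [ipaddress.ip_network(n) for n in NEVER_BLOCK + tuple(allow)]
    keep = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            ip = ipaddress.IPv4Address(fields[0])
            hits = int(fields[1]) if len(fields) > 1 else 1
        except ValueError:
            continue  # malformed line: feed text is never passed through as-is
        if hits >= min_hits and not any(ip in net for net in skip):
            keep.add(ip)
    return [str(ip) for ip in sorted(keep)]

def ipset_restore_script(ips, set_name="feedblock", timeout=86400):
    """Build input for `ipset restore`: fill a scratch set, then swap it in."""
    tmp = set_name + "-new"
    spec = f"hash:ip family inet timeout {timeout} -exist"
    lines = [f"create {set_name} {spec}", f"create {tmp} {spec}", f"flush {tmp}"]
    lines += [f"add {tmp} {ip}" for ip in ips]
    # swap is atomic, so the live set is never half-loaded; entries also expire
    # after `timeout` seconds if the refresh job stops running.
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Pipe into `ipset restore`; a one-time rule then references the set, e.g.
    # iptables -I INPUT -m set --match-set feedblock src -j DROP
    print(ipset_restore_script(parse_feed(SAMPLE_FEED)), end="")
```

Passing your own management address or network in `allow` keeps a bad feed entry from locking you out of the machine.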
