I have a couple of virtual machines I use for various purposes. I’m not too worried about getting breached as there is nothing sensitive. I use Fail2ban and it is definitely helpful. But I have been pondering using some sort of IP blacklist / threat intelligence source to block these known malicious addresses. Some that I came across are:
I was thinking I can create some scripts to set blacklists in ipset, Nginx, modsecurity, etc… I realize some of these sources don’t give a dump of their data and can only be queried, or you have to pay some large amount to access their data dump.
Do folks use these blacklist sources and are they even helpful to use? At the end of the day IPs are simply addresses and the state can change constantly, so perhaps using blacklists isn’t the best solution? How do folks manage and filter their network access? Just curious…
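
Added example, not part of the original post: one way such a script could turn a downloaded feed into an `ipset restore` file, with entries that expire on their own because listed addresses change state. The feed text, the `NEVER_BLOCK` ranges, the set name `blocklist` and the 24-hour timeout are all assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample feed (documentation ranges only, not real indicators).
SAMPLE_FEED = """\
# constructed sample feed
203.0.113.7
198.51.100.0/24 ; scanner range
203.0.113.7
10.0.0.5
not-an-ip
0.0.0.0/0
2001:db8::1
192.0.2.44
"""

# Ranges a feed must never be able to block: internal space plus a
# hypothetical admin range (192.0.2.0/24), so a bad feed cannot lock you out.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24")]

def parse_feed(text, min_prefix=16):
    """Return validated, de-duplicated IPv4 networks from a feed."""
    nets = set()
    for line in text.splitlines():
        token = line.split("#")[0].split(";")[0].strip()
        if not token:
            continue
        try:
            net = ipaddress.ip_network(token.split()[0], strict=False)
        except ValueError:
            continue                      # garbage line: skip, do not abort
        if net.version != 4 or net.prefixlen < min_prefix:
            continue                      # wrong family or implausibly broad
        if any(net.overlaps(p) for p in NEVER_BLOCK):
            continue
        nets.add(net)
    return list(ipaddress.collapse_addresses(nets))

def render_restore(nets, name="blocklist", timeout=86400):
    """Build `ipset restore` input: fill a temp set, then swap it in."""
    tmp = name + "-new"
    opts = f"-exist hash:net family inet timeout {timeout}"
    lines = [f"create {name} {opts}", f"create {tmp} {opts}", f"flush {tmp}"]
    lines += [f"add {tmp} {n}" for n in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_restore(parse_feed(SAMPLE_FEED)), end="")
```

The output is meant to be piped into `ipset restore` and the set referenced from a firewall rule such as `iptables -I INPUT -m set --match-set blocklist src -j DROP`. Because the set is swapped in as a whole and every entry carries a timeout, a stalled refresh job ages the blocks out instead of leaving stale addresses blocked indefinitely.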