Misc Tech Notes

Fre 07 Augusti 2015

GIBL - generate ip black list

Posted by Peter ReuterÃ¥s in Tips   

Since big data and threat intelligence is popular at the moment and can be useful I started to think what data I had that I didn't use. In the first version I collect data from Bro, Postfix and Apache httpd. I'll add more sources when I find something interesting.

At the time when I'm writing this text there is 4365 unique IP addresses on the lists. You can find the lists at attackers.ongoing.today (there will be https there later).

If you ideas to enhance the script or find any bugs please let me know on Twitter @reuteras.