Intelligence Blocklist (IPv4): Botnets, RAT, CVE RCE, Scanners. DST = FR - BE
✋ You can easily integrate this list into your firewalls under the Inbound/Outbound policy rules or Threat feeds.
To add my blocklist to Fortinet, CheckPoint, Palo Alto and OPNsense firewalls, here are some useful links:
- Fortinet : https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/891236
- CheckPoint : https://sc1.checkpoint.com/documents/R80.20SP/WebAdminGuides/EN/CP_R80.20SP_Maestro_AdminGuide/Topics-Maestro-AG/IP-Block-Feature.htm
- Palo Alto : https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/configure-the-firewall-to-access-an-external-dynamic-list
- OPNsense : https://slash-root.fr/opnsense-block-malicious-ips/
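Before a firewall consumes a third-party feed like this one, it is worth validating the download so that a malformed file or an overly broad entry cannot block your own ranges. The following is an added example, not part of this project: it assumes the file holds one IPv4 address or CIDR per line with optional `#` comments, and `sanitize_feed`, `render`, the allowlist and the limits are hypothetical names and values.

```python
import ipaddress

# Ranges that must never end up in a block rule, whatever a feed contains.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def sanitize_feed(text, allowlist=(), min_prefix=24, max_entries=200_000):
    """Validate a downloaded feed; return (accepted_networks, rejected)."""
    protected = NEVER_BLOCK + [ipaddress.ip_network(n) for n in allowlist]
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumed: '#' starts a comment
        if not line:
            continue
        try:
            net = ipaddress.IPv4Network(line)  # strict: host bits must be zero
        except ValueError:
            rejected.append((line, "not a valid IPv4 address or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((line, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((line, "overlaps a protected range"))
        else:
            accepted.add(net)          # the set removes duplicate entries
    if len(accepted) > max_entries:
        raise ValueError("feed exceeds max_entries; refusing to load it")
    return sorted(accepted), rejected

def render(networks):
    """One entry per line; single hosts are written without the /32."""
    return "\n".join(str(n.network_address) if n.prefixlen == 32 else str(n)
                     for n in networks) + "\n"

# Constructed sample input (documentation addresses, not real feed data).
SAMPLE = """\
203.0.113.7  # constructed entry
203.0.113.7
198.51.100.0/24
192.168.1.10
198.51.0.0/16
203.0.113.999
<html>502 Bad Gateway</html>
192.0.2.53
"""

if __name__ == "__main__":
    ok, bad = sanitize_feed(SAMPLE, allowlist=["192.0.2.53/32"])
    print(render(ok), *bad, sep="\n")
```

Point the firewall at the sanitized output rather than at the raw download, and alert when the rejected list is non-empty.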
Paypal (Project) : 👉 https://www.paypal.com/donate?campaign_id=88XWURTQHNMK4
Paypal (Oneshot) : 👉 https://www.paypal.com/donate/?hosted_button_id=YDTWBDBS7CPLN
Bitcoin : 👉 bc1q57u5usqp2z0qqp4w4r4lvwaalf0uypls8quzm6
I started this project in June 2023 when I discovered, through logs on specific instances, a number of triggers coming from IPv4 addresses with strong signals, whose behavior appeared to be aggressive port scanning and RCE attempts linked to highly exploited CVEs.
I started retrieving them, analyzing them and then storing them in a txt list (I didn't mess around apparently🤣).
Since then, this list has evolved to include data from 25 probes (decoys) deployed in strategic areas of the French and Belgian network.
I work hard to ensure that you have high-quality data (IPv4) (the most aggressive, malicious and most up-to-date).
According to feedback, more than 79 small and medium-sized companies (Acensi as well) have already implemented this list in their firewalls (Fortinet, Palo Alto, Checkpoint, etc.).
✅agressive_ips_dst_fr_be_blocklist.txt
- Apache Attack
- Nginx Attack
- Ransomware Attack
- VPN Attack
- RDP Attack
- NTLM Attack
- Kerberos Attack
- Wordpress Enumeration
- Botnet Recruitment
- Brute-force Attack
- Brute-Force SSH Login
- Directory Busting
- Credentials Dumping
- Email Attack
- SMB Attack
- FTP Attack
- IMAP Attack
- Information Gathering
- Remote Code Execution
- Scanning
- SSH Attack
- Tor Exit Node
- Tor Node
- VOIP Attack
- Web Traversal
Etc.
- CVE-2020-25078
- CVE-2021-42013
- CVE-2021-41773
- CVE-2024-3400
- CVE-2017-16894
- CVE-2024-3721
- CVE-2022-30023
- CVE-2017-9841
- CVE-2018-10561
- CVE-2018-20062
- CVE-2022-44808
- CVE-2022-41040
- CVE-2022-41082
Etc.
PS: this list will be updated every 24/48h
Intelligence IPv4 Blocklist © 2023 by Duggy Tuxy is licensed under Creative Commons Attribution-NonCommercial 4.0 International. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc/4.0/