[VoiceOps] Web Attacker Blacklist
Jay Hennigan
jay at west.net
Tue Oct 22 17:29:27 EDT 2013
On 10/22/13 6:57 AM, J. Oquendo wrote:
>
> Going to cross post this to the list (I know some of us
> criss-cross lists). Reasoning, a lot of IP PBXs have
> web based interfaces, and some need to be on the public
> Internet.
>
> Cobbled together a script to scrape my logs, parse out web
> based attackers (SQLi, XSS, CSRF, etc) and compile said list
> for blacklisting. Script is pulling from 6 different web
> servers for now. I may add more later depending on whether
> or not I see a lot of usage.
>
> http://www.infiltrated.net/webattackers.txt
Thanks. I personally would like to see it as solely raw IP addresses
rather than a mix of IPs and PTRs. The PTRs may not match forward DNS,
particularly if a bad guy has control of rDNS.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the VoiceOps
mailing list