[BUG] mass_scanner.txt binaryedge IPs are not up to date
williamdes opened this issue · 9 comments
Ref: https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt
My version is up to date: https://github.com/datacenters-network/security/blob/main/binaryedge.txt
Probably stretchoid is also not up to date: https://github.com/datacenters-network/security/blob/main/stretchoid.txt
See:
- https://github.com/datacenters-network/security/blob/main/digitalocean/binaryedge_digitalocean_possible_ips.txt
- https://github.com/datacenters-network/security/blob/main/digitalocean/stretchoid_digitalocean_possible_ips.txt
- https://github.com/datacenters-network/security/blob/main/digitalocean/stretchoid_ranges.txt
- https://github.com/datacenters-network/security/blob/main/digitalocean/binaryedge_ranges.txt
We can discuss this, do you want to copy my list?
You have hundreds of IPs that are not associated to anything related now
You had two IPs I did not have: datacenters-network/security@1a94e51
And it resulted in finding more than two of them: datacenters-network/security@e73af36
@stamparm Perhaps, this would be OK via some dedicated feed in /static/feeds folder for /digitalocean/binaryedge_digitalocean_possible_ips.txt?
@williamdes Hello!
Thank you for the proposition!
Ranges: d2b0d3a
For IP-lists -- perhaps, would be OK via some dedicated updatable feed, especially for /binaryedge_digitalocean_possible_ips.txt.
> @stamparm Perhaps, this would be OK via some dedicated feed in /static/feeds folder for /digitalocean/binaryedge_digitalocean_possible_ips.txt?
Why do you want a feed to the possible IPs if you can use my feed at the repository root to have the real IP list?
And possible IPs is only a computation using prips of the possible ranges you copied
Let me know
I think it's time to boot a website: security.datacenters.network
What do you think?
My OPNsense/Pfsense firewalls can not use your feeds because the IP comments have to be on another line ;)
> > @stamparm Perhaps, this would be OK via some dedicated feed in /static/feeds folder for /digitalocean/binaryedge_digitalocean_possible_ips.txt?
>
> Why do you want a feed to the possible IPs if you can use my feed at the repository root to have the real IP list?
~ 17 Mb of plain text (I mean) /digitalocean/stretchoid_digitalocean_possible_ips.txt to add -- no problem to add "as is", but I do not want to increase memory consumption when loading the trails.
> I think it's time to boot a website: security.datacenters.network

In a good hour!

> What do you think?
> My OPNsense/Pfsense firewalls can not use your feeds because the IP comments have to be on another line ;)

I'm not sure I understand you correctly here. OPNsense contains Maltrail as the fully functional plugin with all feeds and static trails (including /mass_scanner.txt)...
Hello @MikhailKasimov 👋🏻
I mean that stretchoid_digitalocean_possible_ips is the list of the possible IPs, but it's worth nothing at all.
It's only the result of binaryedge_ranges.txt passed into the program prips.
Then you have a list of all IPs to scan (stretchoid_digitalocean_possible_ips) to find the IPs you really want.
So the final files really are: https://github.com/datacenters-network/security/blob/main/binaryedge.txt
and https://github.com/datacenters-network/security/blob/main/strechoid.txt
Here is the full script to make the final list: https://github.com/datacenters-network/security/blob/main/make-stretchoid.sh
I could strip the comments out of them. If this is what you mean?
That said I have no idea of what maltrail is (sorry about that, I need to read about it), I just came here to have some community discussion about the lists since we are doing the same kind of thing 😄
Here is how I use the lists currently:
This website also has some nice ones: https://iplists.firehol.org/
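The relationship between the range files, the prips-style `possible_ips` expansion and the confirmed lists discussed in the comments above, as an added example that is not part of the thread or of either project. It assumes `#` marks a whole-line or trailing comment; all addresses are constructed from documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not real scanner IPs.
RANGES_TXT = """\
# constructed scanner ranges
192.0.2.0/28
198.51.100.8/30
"""
CONFIRMED_TXT = """\
192.0.2.3 # scanner-a (constructed)
192.0.2.10
198.51.100.9
"""
STATIC_TRAIL_TXT = """\
192.0.2.3
203.0.113.77 # no longer associated with any known range
198.51.100.9
"""

def parse_entries(text):
    """Return entries with '#' comments stripped: one bare IP or CIDR per item."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [e for e in entries if e]

def load_networks(text):
    return [ipaddress.ip_network(e, strict=False) for e in parse_entries(text)]

def possible_ip_count(networks):
    """Size of the expanded 'possible IPs' list, without building it in memory."""
    return sum(n.num_addresses for n in networks)

def expand(networks):
    """Lazy range expansion: every address of every range, first to last."""
    return (str(ip) for n in networks for ip in n)

def audit(trail_text, confirmed_text, networks):
    """Compare a static trail against a confirmed list and the known ranges."""
    trail, confirmed = set(parse_entries(trail_text)), set(parse_entries(confirmed_text))
    def in_range(ip):
        return any(ipaddress.ip_address(ip) in n for n in networks)
    return {
        "missing": sorted(confirmed - trail),  # confirmed scanners the trail lacks
        "stale": sorted(ip for ip in trail - confirmed if not in_range(ip)),
    }

if __name__ == "__main__":
    nets = load_networks(RANGES_TXT)
    print(possible_ip_count(nets), audit(STATIC_TRAIL_TXT, CONFIRMED_TXT, nets))
```

Keeping only the ranges and testing membership avoids loading the expanded list, and `parse_entries` yields the comment-free, one-entry-per-line form a firewall alias import expects.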
@williamdes not sure what's the suggestion? also, adding mass_scanner IP ranges is not the main purpose of Maltrail
if you can provide a list of IPs that we miss, we can update our list. there will be no feed linking to your project because as said, mass_scanners are not of our uttermost interest
if you are not happy with this suggestion, i'll just close this down
Done in e2a92d1
Minus all, what has possible mark, I mean:
/binaryedge_digitalocean_possible_ips.txt
/stretchoid_digitalocean_possible_ips.txt
> @williamdes not sure what's the suggestion? also, adding mass_scanner IP ranges is not the main purpose of Maltrail
> if you can provide a list of IPs that we miss, we can update our list. there will be no feed linking to your project because as said, mass_scanners are not of our uttermost interest
> if you are not happy with this suggestion, i'll just close this down
Sorry I am not very aware of the final goal of your project. I only wanted you to have the lists up to date :)
There are quite often updates of Stretchoid IPs
> > @williamdes not sure what's the suggestion? also, adding mass_scanner IP ranges is not the main purpose of Maltrail
> > if you can provide a list of IPs that we miss, we can update our list. there will be no feed linking to your project because as said, mass_scanners are not of our uttermost interest
> > if you are not happy with this suggestion, i'll just close this down
>
> Sorry I am not very aware of the final goal of your project.

No one is aware. :) But ancient manuscripts say, that to detect malicious traffic and to try to do it well. :)

> I only wanted you to have the lists up to date :)
And pretty thank you here for that! That's fact.