-
-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter IP addresses from known scanners #97
Comments
If you want to filter out IP addresses from known scanners, you can use a tool or a database that maintains a list of these IP addresses. One popular tool for this purpose is Fail2Ban, which is an open-source intrusion prevention software that can detect and block attempts to access your system from known malicious IP addresses. Fail2Ban uses a set of rules, known as filters, to scan log files and block access from IP addresses that match these rules. You can configure Fail2Ban to use a filter that includes a list of known scanner IP addresses, which will help prevent these scanners from accessing your system. Another option is to use a database of known scanner IP addresses to filter them out using your own custom code. There are several databases available that maintain lists of IP addresses associated with malicious activity, such as the OpenBL and Blocklist.de. You can use these databases to create your own filter that blocks IP addresses from known scanners. In addition, you can use the Django middleware to filter IP addresses from known scanners. The middleware is a way to add functionality to the request/response processing pipeline in Django. You can write custom middleware that checks the IP address of each request and blocks access from known scanner IP addresses. Here's an example of how you can use middleware to filter IP addresses from known scanners:
You can add this middleware to your Django settings file to enable it. The middleware will then check the IP address of each request and block access from any IP addresses in the list of known scanner IPs. |
hey, thanks for your interest. Anyway I think we should consider the context of this issue that seems to be misunderstood considering what you have written. This is a Threat Intel Platform and we are talking about the IP addresses stored by the DB, not the ones who connect to the application. We don't want to stop external IP addresses. We just want to categorize them correctly. |
We should periodically download this batch of data: https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt
and add those IP to whitelists to reduce number of false positives
The text was updated successfully, but these errors were encountered: