
List:       ipfire-development
Subject:    Re: abuseipdb IP Blocklist
From:       Chris Multari <cmultari () gmail ! com>
Date:       2022-10-12 13:07:26
Message-ID: CAD-y=jbXhaj-fGoA29BQbm8zwcrQSaPR5KrXXOhdp0eZhNakkw () mail ! gmail ! com

Thanks for the reply Michael.  You can download the entire list in text
format in a single API call, it just requires your API key.  There is a
free level of service from them that will provide a basic list of 10000
high confidence offenders.

https://docs.abuseipdb.com/#plaintext-blacklist

curl -G https://api.abuseipdb.com/api/v2/blacklist \
  -d confidenceMinimum=85 \
  -d limit=500000 \
  -H "Key: $YOUR_API_KEY" \
  -H "Accept: text/plain"

We've just noticed that the majority of malicious web requests comes in
from an IP with a confidence score of 85% or above from this list.

Thanks again!

Chris

On Wed, Oct 12, 2022 at 5:35 AM Michael Tremer <michael.tremer@ipfire.org>
wrote:

> Hello Chris,
>
> > On 11 Oct 2022, at 14:35, Chris Multari <cmultari@gmail.com> wrote:
> >
> > IPFire Devs - The IP Blocklist feature has been absolutely great.
>
> Thanks for the feedback!
>
> > Has any consideration been given to adding something like the
> > abuseipdb.com blocklist?  The list does require an API key and will
> > return a different amount of IPs depending on your subscription
> > level/account config, but bad actors are picked up quickly.
>
> Currently, we only process offline blocklists, since it isn't feasible to
> send any API requests out. A busy firewall might get many thousands of
> packets in a second that need checking (and that includes any potential
> caching of responses).
>
> As far as I can see, there is no way to download the entire list in text
> format.
>
> -Michael
>
> >
> > Thanks!
> > Chris
>
>
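Added example, not part of the original thread and not IPFire's code: one way to vet a downloaded plaintext list before it is used as an offline blocklist, by rejecting non-address lines and local networks and then emitting `ipset restore` input that swaps the new set in atomically. The one-address-per-line response format, the PROTECTED networks, the set names and the sample feed are assumptions made for illustration.

```python
import ipaddress

# Networks that must never enter a block set (assumed local policy).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample response body, including an error page and a LAN address.
SAMPLE_FEED = """\
203.0.113.7
198.51.100.23
203.0.113.7
192.168.1.1
2001:db8::1f
<html>429 Too Many Requests</html>
"""

def parse_feed(text, max_entries=500000):
    """Return (v4, v6, rejected) from a one-address-per-line feed."""
    v4, v6, rejected = set(), set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            rejected.append((lineno, line, "not an IP address"))
            continue
        if any(addr.version == n.version and addr in n for n in PROTECTED):
            rejected.append((lineno, line, "protected network"))
            continue
        (v4 if addr.version == 4 else v6).add(addr)  # sets drop duplicates
    if len(v4) + len(v6) > max_entries:
        raise ValueError("feed larger than requested limit, refusing to load")
    return sorted(v4), sorted(v6), rejected

def ipset_restore(name, family, addrs):
    """Build `ipset restore` input: fill a temporary set, then swap it in."""
    tmp = name + "-new"
    lines = [f"create {name} -exist hash:ip family {family} maxelem 524288",
             f"create {tmp} -exist hash:ip family {family} maxelem 524288",
             f"flush {tmp}"]
    lines += [f"add {tmp} {a}" for a in addrs] + [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    v4, v6, rejected = parse_feed(SAMPLE_FEED)
    print(ipset_restore("abuseipdb4", "inet", v4) + ipset_restore("abuseipdb6", "inet6", v6))
    print("skipped:", rejected)
```

A non-empty rejected list is worth logging: a line that is not an address usually means the download returned an error body rather than the list.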
