[LACNIC/Seguridad] Sobre Botnet
Roberto Alvarado
ralvarado en anycast.cl
Lun Ago 29 17:50:26 BRT 2016
Talvez te sirvan los siguientes feeds (tomados de la configuración de csf firewall):
# Spamhaus Don't Route Or Peer List (DROP)
# Details: http://www.spamhaus.org/drop/
#SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso
# Spamhaus Extended DROP List (EDROP)
# Details: http://www.spamhaus.org/drop/
#SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso
# DShield.org Recommended Block List
# Details: http://dshield.org
#DSHIELD|86400|0|http://www.dshield.org/block.txt
# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
#TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
# Alternative TOR Exit Nodes List
# Details: http://torstatus.blutmagie.de/
#ALTTOR|86400|0|http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
# BOGON list
# Details: http://www.team-cymru.org/Services/Bogons/
#BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt
# Project Honey Pot Directory of Dictionary Attacker IPs
# Details: http://www.projecthoneypot.org
#HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
# C.I. Army Malicious IP List
# Details: http://www.ciarmy.com
#CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt
# BruteForceBlocker IP List
# Details: http://danger.rulez.sk/index.php/bruteforceblocker/
#BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php
# OpenBL.org 30 day List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.openbl.org
#OPENBL|86400|0|https://www.openbl.org/lists/base_30days.txt
# MaxMind GeoIP Anonymous Proxies
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.maxmind.com/en/anonymous_proxies
#MAXMIND|86400|0|https://www.maxmind.com/en/anonymous_proxies
# Blocklist.de
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.blocklist.de
# This first list only retrieves the IP addresses added in the last hour
#BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600
# This second list retrieves all the IP addresses added in the last 48 hours
# and is usually a very large list (over 10000 entries), so be sure that you
# have the resources available to use it
#BDEALL|86400|0|http://lists.blocklist.de/lists/all.txt
# Stop Forum Spam
# Details: http://www.stopforumspam.com/downloads/
# Many of the lists available contain a vast number of IP addresses so special
# care needs to be made when selecting from their lists
#STOPFORUMSPAM|86400|0|http://www.stopforumspam.com/downloads/listed_ip_1.zip
# GreenSnow Hack List
# Details: http://greensnow.co
#GREENSNOW|86400|0|http://blocklist.greensnow.co/greensnow.txt <http://blocklist.greensnow.co/greensnow.txt>
Saludos
Roberto
> On Aug 29, 2016, at 16:57, Madeleine García <madelen.garcia16 en gmail.com> wrote:
>
> Hola a todos
> Necesito de su ayuda, conocen de alguna lista de distribución que te envíe información sobre IPs comprometidas en una red botnet??
> Muchas graciasssss
> Saludos,
> Madeleine
>
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net <mailto:Seguridad en lacnic.net>
> https://mail.lacnic.net/mailman/listinfo/seguridad <https://mail.lacnic.net/mailman/listinfo/seguridad>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20160829/3707c5d8/attachment.html>
Más información sobre la lista de distribución Seguridad