[Dshield] Database of Known Malicious IP Address/IP Networks

Johannes Ullrich jullrich at sans.org
Tue Aug 6 19:48:31 GMT 2002

> Does anyone have any opinions on this approach or any suggestions?

We do publish a 'block list' it includes netblocks that show up as the
top attackers in our DShield database. For details, see:


There is also a 'bogon list' of unused IP addresses you may want
to use to reject spoofed traffic. See


I can make another dump of the IP->country database we use
for dshield. Occassionally, I dump it to an ASCII file for 

jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org

More information about the list mailing list