[Dshield] Database of Known Malicious IP Address/IP Networks

Johannes Ullrich jullrich at sans.org
Tue Aug 6 19:48:31 GMT 2002


> Does anyone have any opinions on this approach or any suggestions?

We do publish a 'block list' it includes netblocks that show up as the
top attackers in our DShield database. For details, see:


http://www.dshield.org/block_list_info.html

There is also a 'bogon list' of unused IP addresses you may want
to use to reject spoofed traffic. See

http://www.cymru.com/Documents/bogon-dd.html

I can make another dump of the IP->country database we use
for dshield. Occassionally, I dump it to an ASCII file for 
download.


-- 
---------------------------------------------------------------
jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org




More information about the list mailing list