where-are-the-scanners
iptables-autobanner | where-are-the-scanners | |
---|---|---|
1 | 1 | |
- | 12 | |
- | - | |
- | 7.6 | |
- | 6 months ago | |
HTML | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
iptables-autobanner
- What You Get After Running an SSH Honeypot for 30 Days
I have a utility that parses ssh failed attempts and creates iptables blocklists:
https://gitlab.com/mtekman/iptables-autobanner
For those just wanting the blocklist, here is a table of malicious IP addresses, with columns of: address, number of ports tried, number of usernames tried.
https://upaste.de/bgC
where-are-the-scanners
- What You Get After Running an SSH Honeypot for 30 Days
Coincidentally, I recently visualized the scanners for fun by plotting them on a globe[1]. It gives a more comprehensive view of the locations and ASNs of the scanners. The demo data is generated from 1 day of logs.
[1]: https://github.com/simonmysun/where-are-the-scanners
Amazingly, there's no request from the same ASN. I believe this is because the VPS provider has a quite strict validation process, e.g. you have to upload a photo of yourself with your ID and your handwritten username, etc. I would suggest we consider the reputation or credibility of the data centers so that the data centers have the motivation of banning such users. In my case, a lot of the requests were sent from Tencent or Alibaba data centers.
What are some alternatives?
zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
UninvitedActivity - An attempt at creating some kind of auto-updating IP address blocklist
self-hosted-mailserver - A set of ansible scripts, to set up fully functional, self-hosted mailserver
referrer-spam-list - Community-contributed list of referrer spammers. Comment +1 in any issue or Pull request and the spammer will be added to the list!