opencti VS blocklist-ipsets

It sounds like you want to jump into game development before learning how to write "Hello, world!". Try using any of the open source tools that already do this and sign up for some "free" threat intel tools and learn the lay of the land. https://www.misp-project.org/ https://github.com/OpenCTI-Platform/opencti https://iplists.firehol.org/ https://www.greynoise.io/

An image - OpenCTI IOC Visualisation The system - OpenCTI Github

Best thing you can do to start your CTI journey is building an OpenCTI server for yourself. After adding some connectors to your openCTI (AlienVault, malpedia, mitre...), you'll have a strong base to practice and learn CTI.

If you haven’t yet, check out OpenCTI https://github.com/OpenCTI-Platform/opencti

Look into FireHol and its use of IPsets: https://firehol.org/guides/ipset/ | http://iplists.firehol.org/ - you can easily do what you’re wanting with these two.

Yes, unfortunately i think this also happened other times with Firehol L3 (you can see https://github.com/firehol/blocklist-ipsets/issues/188) but thanks for the lists advice.

It sounds like you want to jump into game development before learning how to write "Hello, world!". Try using any of the open source tools that already do this and sign up for some "free" threat intel tools and learn the lay of the land. https://www.misp-project.org/ https://github.com/OpenCTI-Platform/opencti https://iplists.firehol.org/ https://www.greynoise.io/

I believe you are running SSH over default port 22 - feel free to change that. You can also use iplists from FireHOL to block any connection from blacklisted (on way or another) IPs - https://iplists.firehol.org/

Tor exits are tracked here [1] and in a few other block-list repos. The data is built from Tor's exit node list [2]

[1] - https://github.com/firehol/blocklist-ipsets

[2] - https://check.torproject.org/exit-addresses