This project (a blocking list) aims to reduce the number of attacks by listing IP addresses known to be abusive, aggressive and malicious (confidence of abuse: 100%).
This blocklist is made up of reliable, high-quality data from decoys placed geolocally in public and private infrastructures such as:
Country🌍 | OS🖥️ | Technologies🎛️ | Online🛜 |
---|---|---|---|
Belgium | GNU/Linux | SMB, Apache, Wordpress, VPN-SSL | On |
Germany | GNU/Linux | VPN-SSL, Nginx, Squid, SMB | On |
Austria | WinSrv 2022 | Apache, IIS, SMB, DC | On |
Netherlands | WinSrv 2022 | Apache, SMB, DC | On |
France | GNU/Linux | VPN-SSL, SMB, CVEs, Wordpress | On |
Spain | WinSrv 2025 | IIS, Apache, SMB, DC | On |
Portugal | GNU/Linux | DNS, Squid, Wireguard | On |
Italy | GNU/Linux | Apache, Nginx, Wordpress, Webmin | On |
Greece | GNU/Linux | VPN-SSL, CVEs | On |
Lithuania | GNU/Linux | CVEs, SMB, Squid, OpenVPN | On |
What's special about these decoys is that each runs several configurations, chosen according to the information system (IS) mapping, the customer's specific needs, or the data I want to collect, so that the results can be correlated with other CTI platforms.
- To give you a few figures, I collect (on average) over 7195 unique IP addresses per day; after analysis and feedback, once they have proven reliable, I add them to this blocking list, which is closely monitored 24/7.
- For removal, the policy in force is that I keep these IP addresses for 30 days: if no activity has been reported within this period, they are removed from the blocking list and inserted into a whitelist, which is also monitored.
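The retention rule above, implemented as a small added example (this is not the project's own tooling). It takes the README's policy literally: an address stays listed while it has been seen within the last 30 days (the 30th day inclusive, an assumption the README does not settle), and an address with no reported activity in that window leaves the blocklist for the monitored whitelist. One further assumption: a fresh sighting of a whitelisted address puts it back on the blocklist and restarts its timer. The sample state is constructed from documentation ranges.

```python
"""Retention policy for a honeypot-fed IPv4 blocklist (added illustration).
Policy from the README: keep an address 30 days; if no activity is reported in
that period it moves from the blocklist to a monitored whitelist.
Assumption: a new sighting of a whitelisted address moves it back onto the
blocklist and restarts its 30-day timer."""
from datetime import date, timedelta
import ipaddress

RETENTION_DAYS = 30


def _valid_ipv4(ip):
    try:
        return ipaddress.ip_address(ip).version == 4
    except ValueError:
        return False


def record_sighting(blocklist, whitelist, ip, seen_on):
    """Register activity from `ip` on date `seen_on`.
    blocklist: dict ip -> date of last observed activity; whitelist: set of ips."""
    if not _valid_ipv4(ip):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    whitelist.discard(ip)                       # assumption: reoffenders leave the whitelist
    blocklist[ip] = max(seen_on, blocklist.get(ip, seen_on))


def apply_retention(blocklist, whitelist, today, retention_days=RETENTION_DAYS):
    """Return (new_blocklist, new_whitelist, aged_out).
    An address is kept while today - last_seen <= retention_days."""
    cutoff = today - timedelta(days=retention_days)
    kept, aged_out = {}, set()
    for ip, last_seen in blocklist.items():
        if last_seen >= cutoff:
            kept[ip] = last_seen
        else:
            aged_out.add(ip)
    return kept, whitelist | aged_out, aged_out


def render_blocklist(blocklist):
    """One address per line, in numeric order, ready to publish."""
    return "\n".join(sorted(blocklist, key=ipaddress.IPv4Address)) + "\n"


# Constructed sample state (documentation ranges, not real attacker addresses).
SAMPLE_TODAY = date(2024, 3, 31)
SAMPLE_BLOCKLIST = {
    "198.51.100.7": date(2024, 3, 28),   # seen 3 days ago -> stays
    "192.0.2.10": date(2024, 3, 1),      # seen exactly 30 days ago -> stays (inclusive)
    "203.0.113.9": date(2024, 2, 20),    # 40 days quiet -> ages out to the whitelist
}
SAMPLE_WHITELIST = {"203.0.113.200"}      # previously aged out


def run_sample():
    blocklist = dict(SAMPLE_BLOCKLIST)
    whitelist = set(SAMPLE_WHITELIST)
    # The whitelisted address is seen again today: back onto the blocklist.
    record_sighting(blocklist, whitelist, "203.0.113.200", SAMPLE_TODAY)
    return apply_retention(blocklist, whitelist, SAMPLE_TODAY)


if __name__ == "__main__":
    kept, whitelist, aged_out = run_sample()
    print(render_blocklist(kept), end="")
    print("whitelist:", sorted(whitelist))
    print("aged out :", sorted(aged_out))
```

Running the sample keeps three addresses (the reoffender included), and the one address that has been quiet for 40 days is the only entry that ages out into the whitelist.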
PS: I want to make it clear that this block list is an additional layer of protection to:
- Reduce the number of attacks
- Reduce the possibility of mapping your exposed assets (public IPs)
- Slightly reduce the attack surface (e.g. reconnaissance)
🫸 Under no circumstances will it replace the best practices of your security posture.
- Data-Shield IPv4 Blocklist: target destination 👉 Europe
- Some IP addresses have a relatively short lifespan (those used by APTs, or by groups deploying infostealers and malware, etc.).
- 👇 Here are some of the vectors and types of attack these IP addresses can launch at any given time 👇
CVE🐞 | Description📜 | Link🌍 |
---|---|---|
CVE-2020-25078 | An issue was discovered on D-Link DCS-2530L... | NIST Website |
CVE-2021-42013 | It was found that the fix for CVE-2021-41773... | NIST Website |
CVE-2021-41773 | A flaw was found in a change made to path... | NIST Website |
CVE-2024-3400 | PAN-OS : A command injection as a result... | NIST Website |
CVE-2017-16894 | In Laravel framework through 5.5.21... | NIST Website |
CVE-2024-3721 | A vulnerability was found in TBK DVR-4104 and DVR-4216... | NIST Website |
CVE-2022-30023 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1... | NIST Website |
CVE-2017-9841 | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28... | NIST Website |
CVE-2018-10561 | An issue was discovered on Dasan GPON home routers... | NIST Website |
CVE-2018-20062 | An issue was discovered in NoneCms V1.3... | NIST Website |
CVE-2022-44808 | Vulnerability has been found on D-Link DIR-823G devices... | NIST Website |
CVE-2022-41040 | Microsoft Exchange Server Elevation of PV | NIST Website |
CVE-2022-41082 | Microsoft Exchange Server RCE Vulnerability | NIST Website |
Etc.
TTPs🥷 | A few countries of origin🌍 | Avg. IP addresses per day🛜 |
---|---|---|
Apache Attack | Belgium, UK, Poland, Russia | NC |
Nginx Attack | Brazil, USA, France, China | NC |
Ransomware Attack | Brazil, Lithuania, Russia | NC |
VPN Attack | Belgium, UK, Poland, Russia | NC |
RDP Attack | USA, Brazil, Peru, Morocco | NC |
NTLM Attack | China, UK, Poland, Belgium | NC |
Kerberos Attack | Venezuela, Brazil, Poland, Algeria | NC |
Wordpress Enumeration | USA, China, Russia, UK | NC |
Botnet Recruitment | USA, China, Brazil, Chile | NC |
Brute-force Attack | USA, China, UK, France | NC |
Brute-Force SSH Login | USA, China, Poland, Netherlands | NC |
Directory Busting | USA, China, Italy, India | NC |
Credentials Dumping | India, Japan, UK, Netherlands | NC |
Email Attack | USA, China, India, Spain | NC |
SMB Attack | USA, China, Poland, France | NC |
FTP Attack | UK, France, Poland, Vietnam | NC |
IMAP Attack | USA, China, Poland, France | NC |
Information Gathering | USA, China, India, Lithuania | NC |
Remote Code Execution | USA, India, Pakistan, Iran | NC |
Scanning | USA, China, India, Indonesia | NC |
SSH Attack | USA, China, India, France | NC |
Tor Exit Node | Switzerland, France, Germany | NC |
Tor Node | Switzerland, France, Germany | NC |
VOIP Attack | Belgium, India, Vietnam, Indonesia | NC |
Web Traversal | USA, China, Lithuania, France | NC |
Etc.
PS: this list is updated every 4/24h.
- You can easily integrate this list into your firewalls (FWs) as a threat feed referenced from your inbound/outbound policy rules.
- To add my blocklist to Fortinet, Check Point, Palo Alto and OPNsense firewalls, here are some useful links:
Vendor🧱 | Description📜 | Link🌍 |
---|---|---|
Fortinet | External blocklist policy | Fortinet Website |
Checkpoint | IP Block Feature | Checkpoint Website |
Palo Alto | Configure the Firewall to Access an External Dynamic List | Palo Alto Website |
OPNsense | OPNsense: Block malicious IPs | Slash-Root Website |
According to feedback, more than 70 small and medium-sized companies (Acensi among them) have already deployed this list on their Fortinet, Palo Alto, Check Point, etc. firewalls.
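Whatever vendor you feed the list to, an external/dynamic list is applied with very little review, so a downloaded copy is worth checking before the firewall loads it. The added example below (not part of the project, and not the vendor documentation linked above) shows the checks a practitioner would want in that step: every line must parse as a single IPv4 address or CIDR, entries covering private, loopback, link-local or multicast space are dropped so a bad line can never block your own LAN, entries overlapping your own public prefixes are dropped so you cannot cut yourself off, duplicates and sub-prefixes are collapsed, and an unexpectedly short result (an error page or an empty download) refuses to overwrite the previous list. The feed format (one entry per line, `#` comments), the `FEED_URL` placeholder, the sample feed and the `192.0.2.128/25` "own range" are all assumptions constructed for the example.

```python
"""Sanity-check a downloaded IPv4 blocklist before a firewall's external/dynamic
list feature consumes it (added example; not the project's own tooling).
Assumed feed format: plain text, one IPv4 address or CIDR per line, '#' comments."""
import ipaddress
import urllib.request

FEED_URL = "https://example.invalid/data-shield-ipv4.txt"  # placeholder, not the real feed URL

# Ranges that must never reach an edge firewall's block list, whatever the feed says.
NEVER_BLOCK = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def fetch_feed(url=FEED_URL, timeout=20):
    """Download the raw feed text (needs network; the offline sample below does not use it)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def parse_feed(text, own_prefixes=()):
    """Return (accepted networks, rejected (lineno, entry, reason) tuples).
    own_prefixes: the operator's own public ranges; any feed entry overlapping
    them is refused so the list can never lock you out of your own assets."""
    protected = NEVER_BLOCK + [ipaddress.ip_network(p) for p in own_prefixes]
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry)   # strict: "a.b.c.d/24" with host bits set is refused
        except ValueError:
            rejected.append((lineno, entry, "unparsable or host bits set"))
            continue
        if net.version != 4:
            rejected.append((lineno, entry, "not IPv4"))
        elif net.prefixlen < 8:
            rejected.append((lineno, entry, "prefix broader than /8"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps a protected range"))
        else:
            accepted.append(net)
    # Drop duplicates and entries already covered by a wider prefix.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def to_firewall_list(nets):
    """One entry per line: bare address for a /32, CIDR notation otherwise."""
    return "\n".join(str(n.network_address) if n.prefixlen == 32 else str(n) for n in nets) + "\n"


def validate_feed(text, own_prefixes=(), min_entries=1000):
    """Produce the text to hand to the firewall, or raise when the feed looks
    truncated: an HTML error page or an empty download would otherwise silently
    replace the previous block list with nothing."""
    nets, rejected = parse_feed(text, own_prefixes)
    if len(nets) < min_entries:
        raise ValueError(f"feed has only {len(nets)} usable entries (expected >= {min_entries})")
    return to_firewall_list(nets), rejected


# Constructed sample feed; documentation ranges stand in for real attacker addresses.
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.7
203.0.113.0/24
203.0.113.9        # covered by the /24 above, collapsed away
198.51.100.7       # duplicate
192.0.2.64/26
192.0.2.200        # inside the operator's own range (see SAMPLE_OWN_PREFIXES)
192.168.1.5        # RFC1918, never forwarded to the firewall
10.0.0.0/8
2001:db8::1        # IPv6 entry in an IPv4 list
203.0.113.9/24     # host bits set
not-an-ip
"""
SAMPLE_OWN_PREFIXES = ("192.0.2.128/25",)   # constructed: the operator's own public range


def run_sample():
    # min_entries lowered for the tiny sample; use a realistic floor in production.
    return validate_feed(SAMPLE_FEED, SAMPLE_OWN_PREFIXES, min_entries=3)


if __name__ == "__main__":
    output, rejected = run_sample()
    print(output, end="")
    for lineno, entry, reason in rejected:
        print(f"rejected line {lineno}: {entry!r} ({reason})")
```

On the sample, eleven input lines reduce to three firewall entries (`192.0.2.64/26`, `198.51.100.7`, `203.0.113.0/24`) and six rejections, each with the line number and reason so the operator can see what was dropped. The `min_entries` floor should be set well below the list's normal size but far above zero; the point is to notice a failed download, not to second-guess the list's day-to-day variation.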
Site📍 | Description📜 | Link🌍 |
---|---|---|
Ko-Fi | Join all types of creators getting donations, memberships, etc. from their fans! | Thank you !!! |
Data-Shield IPv4 Blocklist © 2023 by Duggy Tuxy is licensed under the terms of the License File