We're doing some work this week on our automation so our block lists are not accessible at this time on the Intel site:
-
We're doing some work this week on our automation so our block lists are not accessible at this time on the Intel site:
However, you can still generate your own prefix lists based on our ASN block list, the Spamhaus ASN DROP list, or your own by following the instructions here:
Convert ASNs to Prefixes
Use Python to easily do the thing the firewall vendors say they can't.
GAYINT Blog (blog.gayint.org)
And if you want direct access to the latest naughty ASN list, you can get to it here for now:
-
We're doing some work this week on our automation so our block lists are not accessible at this time on the Intel site:
However, you can still generate your own prefix lists based on our ASN block list, the Spamhaus ASN DROP list, or your own by following the instructions here:
Convert ASNs to Prefixes
Use Python to easily do the thing the firewall vendors say they can't.
GAYINT Blog (blog.gayint.org)
And if you want direct access to the latest naughty ASN list, you can get to it here for now:
@gayint so in the asnsToPrefixes page you say you'd appreciate hearing about what people have done with the script, so have some bash:
for line in "${asn_list[@]}";do
res_json=$(curl -fsSL "https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS${line}")
if [ ! -z "${res_json}" ];then
# convert json into iptables rules.v4 lines
echo "${res_json}" | jq -r '.data.prefixes[].prefix' | grep -v ':' | sort -g | sed "s/^/-A INPUT -s /;s/$/ -m comment --comment \"drop AS${line}\" -j DROP/"
else
echo "Error: Unable to retrieve json for ${line}"
fi
donehopefully this is useful to someone, the sed expression could be modified to output other blocklist formats if needed, and rules.v6 output could be easily added as well
-
R relay@relay.infosec.exchange shared this topic
