stretchoid.com IP list for use in blocking their port scans
-
@Sissy Thanks for this. Also, looks like they have an opt-out form on their website, FWIW. https://stretchoid.com/
-
@sprocktech said in stretchoid.com IP list for use in blocking their port scans:
Also, looks like they have an opt-out form on their website
In my opinion its strange to opt-out from something I never opt-in ... and btw - I dont like self proclaimed Internet Policemens ...
AS14061 is in my pfblocker and until now I never saw from there any legit connection ...
Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
pfsense 2.8.0 CE
Packages: Apcupsd Cron Iftop Iperf LCDproc Nmap pfBlockerNG RRD_Summary Shellcmd Snort Speedtest System_Patches. -
@johnpoz said in stretchoid.com IP list for use in blocking their port scans:
For that matter block all of digitalocean inbound
Also works with the IP-feed Cinsscore
in pfblockerNG-devel for all the strechoids ...
-
@fireodo yeah a home user would have zero need for anything coming from DO at all.. But as mentioned you might if your hosting email services, etc.
I found this parsed listed of the stretchoid IPs
https://github.com/SilvrrGIT/IP-Lists/blob/master/stretchoidLooks like last updated 21 days..
As the OP stated that opt-out thing could just be way to get more info - who knows.. I see their IPs hitting my wan... To me its just one of the many other bots, scripts, whatever - who cares.. If they find my open ports... Can't lock down the ports from every single IP - have them locked down to country already..
What does it get you blocking them - still traffic hitting your wan.. So what if they find out your running smtp server.. You are running a smtp server open to the planet anyway ;)
If anything I could see just blocking and not logging the traffic maybe if its filling up your logs with stuff you don't care to see.
-
@johnpoz Doh, I skipped over the part in the OP about the opt-out. Oh well, I at least wanted to say thanks for the contribution. Everyone has a different way of doing things.
-
https://isc.sans.edu/api/threatlist/shodan/?xml
https://isc.sans.edu/api/threatlist/shadowserver/?xml
Handy for pfBlocker:-
-
Hi all,
This is an old subject but has good SEO.
There is lists of stretchoid IPs: https://github.com/SilvrrGIT/IP-Lists/issues/85I built a much more complete one, you can find it here: https://github.com/SilvrrGIT/IP-Lists/issues/85#issuecomment-1657267386
I currently use this with my pfSense/OPNsense setup as a firewall alias.
-
@williamdes said in stretchoid.com IP list for use in blocking their port scans:
I built a much more complete one, you can find it here: https://github.com/SilvrrGIT/IP-Lists/issues/85#issuecomment-1657267386
I currently use this with my pfSense/OPNsense setup as a firewall alias.
Thanks, today I encountered some stretchoid hits from your list, which were not in the PRI group feeds.
-
@Bob-Dig what were the ips?
-
@johnpoz said in stretchoid.com IP list for use in blocking their port scans:
@Bob-Dig what were the ips?
I already deleted the log file so I can't tell. But when I looked, they were almost identical to ones, which were already in PRI1.
