stretchoid.com IP list for use in blocking their port scans

SprockTech · Aug 22, 2022, 12:34 PM

@Sissy Thanks for this. Also, looks like they have an opt-out form on their website, FWIW. https://stretchoid.com/

fireodo · Aug 22, 2022, 1:07 PM

@sprocktech said in stretchoid.com IP list for use in blocking their port scans:

Also, looks like they have an opt-out form on their website

In my opinion its strange to opt-out from something I never opt-in ... and btw - I dont like self proclaimed Internet Policemens ...
AS14061 is in my pfblocker and until now I never saw from there any legit connection ...

fireodo · Aug 22, 2022, 1:22 PM

@johnpoz said in stretchoid.com IP list for use in blocking their port scans:

For that matter block all of digitalocean inbound

Also works with the IP-feed Cinsscore
in pfblockerNG-devel for all the strechoids ...

johnpoz · Aug 22, 2022, 1:29 PM

@fireodo yeah a home user would have zero need for anything coming from DO at all.. But as mentioned you might if your hosting email services, etc.

I found this parsed listed of the stretchoid IPs
https://github.com/SilvrrGIT/IP-Lists/blob/master/stretchoid

Looks like last updated 21 days..

As the OP stated that opt-out thing could just be way to get more info - who knows.. I see their IPs hitting my wan... To me its just one of the many other bots, scripts, whatever - who cares.. If they find my open ports... Can't lock down the ports from every single IP - have them locked down to country already..

What does it get you blocking them - still traffic hitting your wan.. So what if they find out your running smtp server.. You are running a smtp server open to the planet anyway ;)

If anything I could see just blocking and not logging the traffic maybe if its filling up your logs with stuff you don't care to see.

SprockTech · Aug 22, 2022, 1:37 PM

@johnpoz Doh, I skipped over the part in the OP about the opt-out. Oh well, I at least wanted to say thanks for the contribution. Everyone has a different way of doing things.

NogBadTheBad · Aug 22, 2022, 2:49 PM

@sprocktech

https://isc.sans.edu/api/threatlist/shodan/?xml

https://isc.sans.edu/api/threatlist/shadowserver/?xml

Handy for pfBlocker:-

williamdes · Aug 6, 2023, 5:58 PM

Hi all,

This is an old subject but has good SEO.
There is lists of stretchoid IPs: https://github.com/SilvrrGIT/IP-Lists/issues/85

I built a much more complete one, you can find it here: https://github.com/SilvrrGIT/IP-Lists/issues/85#issuecomment-1657267386

I currently use this with my pfSense/OPNsense setup as a firewall alias.

Bob.Dig · Aug 6, 2023, 5:58 PM

@williamdes said in stretchoid.com IP list for use in blocking their port scans:

I built a much more complete one, you can find it here: https://github.com/SilvrrGIT/IP-Lists/issues/85#issuecomment-1657267386

I currently use this with my pfSense/OPNsense setup as a firewall alias.

Thanks, today I encountered some stretchoid hits from your list, which were not in the PRI group feeds.

johnpoz · Aug 6, 2023, 8:56 PM

@Bob-Dig what were the ips?

Bob.Dig · Aug 7, 2023, 6:26 AM

@johnpoz said in stretchoid.com IP list for use in blocking their port scans:

@Bob-Dig what were the ips?

I already deleted the log file so I can't tell. But when I looked, they were almost identical to ones, which were already in PRI1.