From 66d8f7b0900ee6717db15fef872fe525601253db Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Fri, 14 Apr 2023 22:11:58 +0200 Subject: [PATCH] ipblocklist: Adjust indention in sources file This makes the file and it's data better human read-able. Signed-off-by: Stefan Schantl --- config/ipblocklist/sources | 247 ++++++++++++++++++++++--------------- 1 file changed, 145 insertions(+), 102 deletions(-) diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources index be0cf0229d..7847cfc127 100644 --- a/config/ipblocklist/sources +++ b/config/ipblocklist/sources @@ -36,105 +36,148 @@ package IPblocklist::List; -our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklist', - 'url' => 'https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt', - 'info' => 'https://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules', - 'parser' => 'ip-or-net-list', - 'rate' => '1h', - 'category' => 'composite', - 'disable' => ['FEODO_RECOMMENDED', 'FEODO_IP', 'FEODO_AGGRESSIVE', 'SPAMHAUS_DROP', 'DSHIELD'] }, - 'EMERGING_COMPROMISED' => { 'name' => 'Emerging Threats Compromised IPs', - 'url' => 'https://rules.emergingthreats.net/blockrules/compromised-ips.txt', - 'info' => 'https://doc.emergingthreats.net/bin/view/Main/CompromisedHost', - 'parser' => 'ip-or-net-list', - 'rate' => '1h', - 'category' => 'attacker' }, - 'SPAMHAUS_DROP' => { 'name' => "Spamhaus Don't Route or Peer List", - 'url' => 'https://www.spamhaus.org/drop/drop.txt', - 'info' => 'https://www.spamhaus.org/drop/', - 'parser' => 'ip-or-net-list', - 'rate' => '12h', - 'category' => 'reputation' }, - 'SPAMHAUS_EDROP' => { 'name' => "Spamhaus Extended Don't Route or Peer List", - 'url' => 'https://www.spamhaus.org/drop/edrop.txt', - 'info' => 'https://www.spamhaus.org/drop/', - 'parser' => 'ip-or-net-list', - 'rate' => '1h', - 'category' => 'reputation' }, - 'DSHIELD' => { 'name' => 'Dshield.org Recommended Block List', - 'url' => 'https://www.dshield.org/block.txt', - 'info' => 'https://dshield.org/', - 'parser' => 'dshield', - 'rate' => '1h', - 'category' => 'attacker' }, - 'FEODO_RECOMMENDED'=> {'name' => 'Feodo Trojan IP Blocklist (Recommended)', - 'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt', - 'info' => 'https://feodotracker.abuse.ch/blocklist', - 'parser' => 'ip-or-net-list', - 'rate' => '5m', - 'category' => 'c and c' }, - 'FEODO_IP' => { 'name' => 'Feodo Trojan IP Blocklist', - 'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist.txt', - 'info' => 'https://feodotracker.abuse.ch/blocklist', - 'parser' => 'ip-or-net-list', - 'rate' => '5m', - 'category' => 'c and c', - 'disable' => 'FEODO_RECOMMENDED' }, - 'FEODO_AGGRESSIVE' => { 'name' => 'Feodo Trojan IP Blocklist (Aggressive)', - 'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist_aggressive.txt', - 'info' => 'https://feodotracker.abuse.ch/blocklist', - 'parser' => 'ip-or-net-list', - 'rate' => '5m', - 'category' => 'c and c', - 'disable' => ['FEODO_IP', 'FEODO_RECOMMENDED'] }, - 'CIARMY' => { 'name' => 'The CINS Army List', - 'url' => 'https://cinsscore.com/list/ci-badguys.txt', - 'info' => 'https://cinsscore.com/#list', - 'parser' => 'ip-or-net-list', - 'rate' => '15m', - 'category' => 'reputation' }, - 'TOR_ALL' => { 'name' => 'Known Tor Nodes', - 'url' => 'https://www.dan.me.uk/torlist', - 'info' => 'https://www.dan.me.uk/tornodes', - 'parser' => 'ip-or-net-list', - 'rate' => '1h', - 'category' => 'application', - 'disable' => 'TOR_EXIT' }, - 'TOR_EXIT' => { 'name' => 'Known Tor Exit Nodes', - 'url' => 'https://www.dan.me.uk/torlist/?exit', - 'info' => 'https://www.dan.me.uk/tornodes', - 'parser' => 'ip-or-net-list',, - 'rate' => '1h', - 'category' => 'application' }, - 'ALIENVAULT' => { 'name' => 'AlienVault IP Reputation database', - 'url' => 'https://reputation.alienvault.com/reputation.generic', - 'info' => 'https://www.alienvault.com/resource-center/videos/what-is-ip-domain-reputation', - 'parser' => 'ip-or-net-list', - 'rate' => '1h', - 'category' => 'reputation' }, - 'BOGON' => { 'name' => 'Bogus address list (Martian)', - 'url' => 'https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt', - 'info' => 'https://www.team-cymru.com/bogon-reference', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'invalid' }, - 'BOGON_FULL' => { 'name' => 'Full Bogus Address List', - 'url' => 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt', - 'info' => 'https://www.team-cymru.com/bogon-reference', - 'parser' => 'ip-or-net-list', - 'rate' => '4h', - 'category' => 'invalid', - 'disable' => 'BOGON' }, - 'SHODAN' => { 'name' => 'ISC Shodan scanner blocklist', - 'url' => 'https://isc.sans.edu/api/threatlist/shodan?tab', - 'info' => 'https://isc.sans.edu', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'scanner' }, - 'BLOCKLIST_DE' => { 'name' => 'Blocklist.de all attacks list', - 'url' => 'https://lists.blocklist.de/lists/all.txt', - 'info' => 'https://www.blocklist.de', - 'parser' => 'ip-or-net-list', - 'rate' => '30m', - 'category' => 'attacker' } - ); +our %sources = ( + 'EMERGING_FWRULE' => { + 'name' => 'Emerging Threats Blocklist', + 'url' => 'https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt', + 'info' => 'https://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules', + 'parser' => 'ip-or-net-list', + 'rate' => '1h', + 'category' => 'composite', + }, + + 'EMERGING_COMPROMISED' => { + 'name' => 'Emerging Threats Compromised IPs', + 'url' => 'https://rules.emergingthreats.net/blockrules/compromised-ips.txt', + 'info' => 'https://doc.emergingthreats.net/bin/view/Main/CompromisedHost', + 'parser' => 'ip-or-net-list', + 'rate' => '1h', + 'category' => 'attacker' + }, + + 'SPAMHAUS_DROP' => { + 'name' => "Spamhaus Don't Route or Peer List", + 'url' => 'https://www.spamhaus.org/drop/drop.txt', + 'info' => 'https://www.spamhaus.org/drop/', + 'parser' => 'ip-or-net-list', + 'rate' => '12h', + 'category' => 'reputation' + }, + + 'SPAMHAUS_EDROP' => { + 'name' => "Spamhaus Extended Don't Route or Peer List", + 'url' => 'https://www.spamhaus.org/drop/edrop.txt', + 'info' => 'https://www.spamhaus.org/drop/', + 'parser' => 'ip-or-net-list', + 'rate' => '1h', + 'category' => 'reputation' + }, + + 'DSHIELD' => { + 'name' => 'Dshield.org Recommended Block List', + 'url' => 'https://www.dshield.org/block.txt', + 'info' => 'https://dshield.org/', + 'parser' => 'dshield', + 'rate' => '1h', + 'category' => 'attacker' + }, + + 'FEODO_RECOMMENDED' => { + 'name' => 'Feodo Trojan IP Blocklist (Recommended)', + 'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt', + 'info' => 'https://feodotracker.abuse.ch/blocklist', + 'parser' => 'ip-or-net-list', + 'rate' => '5m', + 'category' => 'c and c' + }, + + 'FEODO_IP' => { + 'name' => 'Feodo Trojan IP Blocklist', + 'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist.txt', + 'info' => 'https://feodotracker.abuse.ch/blocklist', + 'parser' => 'ip-or-net-list', + 'rate' => '5m', + 'category' => 'c and c', + }, + + 'FEODO_AGGRESSIVE' => { + 'name' => 'Feodo Trojan IP Blocklist (Aggressive)', + 'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist_aggressive.txt', + 'info' => 'https://feodotracker.abuse.ch/blocklist', + 'parser' => 'ip-or-net-list', + 'rate' => '5m', + 'category' => 'c and c', + }, + + 'CIARMY' => { + 'name' => 'The CINS Army List', + 'url' => 'https://cinsscore.com/list/ci-badguys.txt', + 'info' => 'https://cinsscore.com/#list', + 'parser' => 'ip-or-net-list', + 'rate' => '15m', + 'category' => 'reputation' + }, + + 'TOR_ALL' => { + 'name' => 'Known Tor Nodes', + 'url' => 'https://www.dan.me.uk/torlist', + 'info' => 'https://www.dan.me.uk/tornodes', + 'parser' => 'ip-or-net-list', + 'rate' => '1h', + 'category' => 'application', + }, + + 'TOR_EXIT' => { + 'name' => 'Known Tor Exit Nodes', + 'url' => 'https://www.dan.me.uk/torlist/?exit', + 'info' => 'https://www.dan.me.uk/tornodes', + 'parser' => 'ip-or-net-list',, + 'rate' => '1h', + 'category' => 'application' + }, + + 'ALIENVAULT' => { + 'name' => 'AlienVault IP Reputation database', + 'url' => 'https://reputation.alienvault.com/reputation.generic', + 'info' => 'https://www.alienvault.com/resource-center/videos/what-is-ip-domain-reputation', + 'parser' => 'ip-or-net-list', + 'rate' => '1h', + 'category' => 'reputation' + }, + + 'BOGON' => { + 'name' => 'Bogus address list (Martian)', + 'url' => 'https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt', + 'info' => 'https://www.team-cymru.com/bogon-reference', + 'parser' => 'ip-or-net-list', + 'rate' => '1d', + 'category' => 'invalid' + }, + + 'BOGON_FULL' => { + 'name' => 'Full Bogus Address List', + 'url' => 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt', + 'info' => 'https://www.team-cymru.com/bogon-reference', + 'parser' => 'ip-or-net-list', + 'rate' => '4h', + 'category' => 'invalid', + }, + + 'SHODAN' => { + 'name' => 'ISC Shodan scanner blocklist', + 'url' => 'https://isc.sans.edu/api/threatlist/shodan?tab', + 'info' => 'https://isc.sans.edu', + 'parser' => 'ip-or-net-list', + 'rate' => '1d', + 'category' => 'scanner' + }, + + 'BLOCKLIST_DE' => { + 'name' => 'Blocklist.de all attacks list', + 'url' => 'https://lists.blocklist.de/lists/all.txt', + 'info' => 'https://www.blocklist.de', + 'parser' => 'ip-or-net-list', + 'rate' => '30m', + 'category' => 'attacker' + } +); -- 2.39.5