Sorry for the double post, I got the link to the script wrong... woops.
The actual link is:
www.geoghegan.ca/pfbadhost.html
On 01/03/19 15:06, Jordan Geoghegan wrote:
> Hello,
>
> I wrote a small script called 'pf-badhost' to block shodan and other
> annoyances via pf firewall. Check out www.geoghegan.ca/pf-badhost.html
> to see the script.
>
> pf-badhost also blocks ssh bruteforcers and other annoyances by
> loading a list of regularly updated badhost lists from trusted
> sources. If you only want to block shodan specifically, just comment
> out the few lines that download the other blocklists, and you should
> be good to go. I've had a number of people give good feedback on it,
> and they've reported it blocking the scanners and baddies quite
> effectively; BSDNow also did a piece about it, so it seems to work
> alright.
>
>
> Cheers,
>
> Jordan
>
>
> On 01/02/19 22:15, Antonino Sidoti wrote:
>> Hi,
>>
>> I wish to block all attempts by "shodan.io". Basically I run an
>> OpenBSD (6.4) mail server using OpenSMTPD and notice quite a bit of
>> traffic all stemming from "shodan.io". I have PF configured so I was
>> wondering how to block such a domain from making any attempts to
>> connect to my server. There is little information about Public IP
>> addresses being used by "shodan.io" scanner, so making an IP list for
>> PF may be futile.
>>
>> Could someone suggest a possible option? I was thinking along the
>> lines of "relayd" or "squid proxy". My server is hosted at Vultr and
>> has a single WAN interface with Public IP. There is no internal LAN
>> interface.
>>
>> For those who do not know about "shodan.io", please do a search and
>> you will discover what it does.
>>
>> Regards
>>
>> Nino
>>
>