- Le plus récent
- Le plus de votes
- La plupart des commentaires
The AWS Security Automations solution (https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/source-code.html) contains a set of protections (https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/capabilities.html) including "Known attacker origins (IP reputation lists): "
Known attacker origins (IP reputation lists): A number of organizations maintain reputation lists of IP addresses operated by known attackers, such as spammers, malware distributors, and botnets. This solution leverages the information in these reputation lists to help you block requests from malicious IP addresses.
A look at the source code for the solution (https://github.com/awslabs/aws-waf-security-automations/blob/master/source/custom-resource/custom-resource.py) reveals that is uses the following reputation list sources
"https://www.spamhaus.org/drop/drop.txt" "https://www.spamhaus.org/drop/edrop.txt" "https://check.torproject.org/exit-addresses", "prefix": "ExitAddress " "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
Spamhouse appears to primarily focus on reputation lists built upon hosts engaged in email spamming.
The torproject list appears to identify anonymous connections, entry/exit nodes of the TOR (The Onion Router) anonymization network.
Proofpoint appear to manage the emerging threats list.
More details on how that is maintained here : https://tools.emergingthreats.net/docs/ET%20Intelligence%20Rep%20List%20Tech%20Description.pdf
You could adapt the solution to grab different lists.
Contenus pertinents
- demandé il y a 2 mois
- demandé il y a un an
- Réponse acceptéedemandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans