- Newest
- Most votes
- Most comments
The AWS Security Automations solution (https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/source-code.html) contains a set of protections (https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/capabilities.html) including "Known attacker origins (IP reputation lists): "
Known attacker origins (IP reputation lists): A number of organizations maintain reputation lists of IP addresses operated by known attackers, such as spammers, malware distributors, and botnets. This solution leverages the information in these reputation lists to help you block requests from malicious IP addresses.
A look at the source code for the solution (https://github.com/awslabs/aws-waf-security-automations/blob/master/source/custom-resource/custom-resource.py) reveals that is uses the following reputation list sources
"https://www.spamhaus.org/drop/drop.txt" "https://www.spamhaus.org/drop/edrop.txt" "https://check.torproject.org/exit-addresses", "prefix": "ExitAddress " "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
Spamhouse appears to primarily focus on reputation lists built upon hosts engaged in email spamming.
The torproject list appears to identify anonymous connections, entry/exit nodes of the TOR (The Onion Router) anonymization network.
Proofpoint appear to manage the emerging threats list.
More details on how that is maintained here : https://tools.emergingthreats.net/docs/ET%20Intelligence%20Rep%20List%20Tech%20Description.pdf
You could adapt the solution to grab different lists.
Relevant content
- asked 10 months ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago