Filter IP addresses from known scanners #97
Assignees
Comments
|
hey, thanks for your interest. Anyway I think we should consider the context of this issue that seems to be misunderstood considering what you have written. This is a Threat Intel Platform and we are talking about the IP addresses stored by the DB, not the ones who connect to the application. We don't want to stop external IP addresses. We just want to categorize them correctly. |
|
We can get this information directly from TPot. TPot uses listbot to classify IP addresses according to their reputation. The scanner list you suggested is already included. See |
|
yep I know, this is why I mentioned it. It makes sense to add that list to reduce FP |
11 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We should periodically download this batch of data: https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt
and add those IP to whitelists to reduce number of false positives
The text was updated successfully, but these errors were encountered: