Last month I wrote about protecting Asterisk with fail2ban. I’ve been running my fail2ban regex configuration for only a few months and have already collected a list of over 6000 dodgy IP addresses. In my experience, fail2ban starts to struggle with long IP lists, so I decided it was time to implement a blocklist on my firewall. I’ve published my IP ban lists in case they are useful to you, too.
It’s very important that you understand I’ve not reviewed these ban lists extensively. It is highly likely that some of the addresses are safe, for example, addresses operated by security research groups. These lists are published without any warranty.
I’ve published two IP blocklists created by analysing my SIP and SSH logs. The lists are in a simple line-by-line text format, and you can use the URLs below to add dynamic reject rules to your firewall, like I do. If you use the OPNsense firewall, Reto Haeberli has a great guide on Using OPNsense and IP blocklists to block malicious traffic.
For the SIP blocklist:
For the SSH blocklist:
I’ll update these lists as I collect more IP addresses.
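Because the lists are unreviewed, it is worth sanitising a downloaded copy before it reaches the firewall. The following is an added example, not code from this post: it parses the line-by-line format, skips malformed entries and anything overlapping ranges you must never block, and renders the rest as a set definition. It assumes a Linux nftables firewall (not the OPNsense setup mentioned above); the table name, set name, never-block ranges and sample input are constructed for illustration.

```python
import ipaddress

# Assumption: ranges that must never be blocked. Private and loopback space plus
# your own networks (the /28 is a constructed stand-in for a SIP trunk provider).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "198.51.100.64/28")]

# Constructed sample in the line-by-line format; documentation-range addresses only.
SAMPLE = """# constructed sample
203.0.113.7
203.0.113.6
203.0.113.7
192.0.2.44
192.168.1.10
not-an-ip
2001:db8::5
198.51.100.77
"""

def parse_blocklist(text):
    """Return (collapsed IPv4 networks to block, [(line_no, entry, reason)] skipped)."""
    keep, skipped = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # tolerate comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            skipped.append((no, entry, "not an IP address or CIDR"))
            continue
        if net.version != 4:
            skipped.append((no, entry, "IPv6 belongs in a separate ipv6_addr set"))
        elif any(net.overlaps(ok) for ok in NEVER_BLOCK):
            skipped.append((no, entry, "overlaps a never-block range"))
        else:
            keep.append(net)
    # Duplicates and adjacent entries are merged so the interval set has no overlaps.
    return list(ipaddress.collapse_addresses(keep)), skipped

def render_nft_set(nets, table="inet filter", name="blocklist_v4"):
    """Render an nftables set for `nft -f`; table and set names are assumptions."""
    items = ", ".join(str(n.network_address) if n.prefixlen == 32 else str(n) for n in nets)
    body = f"        elements = {{ {items} }}\n" if nets else ""  # no line when empty
    return (f"table {table} {{\n    set {name} {{\n        type ipv4_addr\n"
            f"        flags interval\n{body}    }}\n}}\n")

if __name__ == "__main__":
    nets, skipped = parse_blocklist(SAMPLE)
    print(render_nft_set(nets), skipped, sep="\n")
```

Review the skipped entries before each reload; a rule matching `ip saddr @blocklist_v4` then applies the set.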