1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Add-on Ban IP Ranges by AS Prefix Advertisements

Discussion in 'Resource and Add-on Requests' started by Monsta_AU, Oct 31, 2014.

  1. Monsta_AU

    Monsta_AU Member

    Just wondering if anyone has coded up a plugin to dynamically ban IP ranges of particular networks by looking up the BGP advertised IP Prefixes on their AS and updating the IP banlist accordingly?

    For instance, Take ColoCrossing (AS36352) - lots of either compromised servers or 'SEO' people with cheap VPSes trying to profile spam.

    Generally, I would go to the plugin page & enter the AS number. I would want it to do a lookup and confirm the details, the add it to the Blocked AS list.

    I would then expect a cron job to do a lookup of the advertised prefixes for AS36352 (eg: http://bgp.he.net/AS36352#_prefixes ) and add those ranges to the IP Banlist. Further runs of the cron job (selectable 6hr, 12h, 24hr refresh) would update the listings by adding new prefixes, and removing prefixes no longer advertised.
     
  2. Xon

    Xon Well-Known Member

Share This Page