Add-on Ban IP Ranges by AS Prefix Advertisements

Monsta_AU

Member
Just wondering if anyone has coded up a plugin to dynamically ban IP ranges of particular networks by looking up the BGP advertised IP Prefixes on their AS and updating the IP banlist accordingly?

For instance, Take ColoCrossing (AS36352) - lots of either compromised servers or 'SEO' people with cheap VPSes trying to profile spam.

Generally, I would go to the plugin page & enter the AS number. I would want it to do a lookup and confirm the details, the add it to the Blocked AS list.

I would then expect a cron job to do a lookup of the advertised prefixes for AS36352 (eg: http://bgp.he.net/AS36352#_prefixes ) and add those ranges to the IP Banlist. Further runs of the cron job (selectable 6hr, 12h, 24hr refresh) would update the listings by adding new prefixes, and removing prefixes no longer advertised.
 
Back
Top Bottom