Size of the blocklist

Antworten
michelpy
Beiträge: 5
Registriert: 4. Mär 2016, 07:18

Size of the blocklist

Beitrag von michelpy » 4. Mär 2016, 07:22

Hi there,

Between Wednesday at ~1800 GMT and now ( Friday at 0600 GMT) the number of blocked IP addresses went from ~25000 to ~60000.

Is this a normal behavior ?

Thanks.

Benutzeravatar
Martin
Beiträge: 400
Registriert: 14. Sep 2010, 11:54
Kontaktdaten:

Re: Size of the blocklist

Beitrag von Martin » 4. Mär 2016, 10:54

Hello michelpy,

we have add the ddos-IPs, which Attacks blocklist.de self with http-flood.
There are round about 10.000 up to 30.000 unique ips each day, which was blocked with an http-code 403 and reported now.
After the last two weeks, only the blocking does not help, because the number of attacker-ips does not reduced, so we report them now since yesterday.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

michelpy
Beiträge: 5
Registriert: 4. Mär 2016, 07:18

Re: Size of the blocklist

Beitrag von michelpy » 4. Mär 2016, 18:00

Martin,

Do you have an estimate on what the top number of block IP could be ?

The reason I'm asking : I recently started the CBBC : http://arneill-py.sacramento.ca.us/cbbc/
It's a BGP blacklist based on a variety of blocklists, including yours. Still in the very early technical phase.
After a couple weeks of analysis, I set the maximum number of prefixes to 80K. This can not be change on the fly, as it is configuration on the subscriber's routers. Obviously it was too low, I need a new value for the maximum number.

If you have time, please get back to me privately; my email is in the attached graphic.

Thanks
Michel.
Dateianhänge
email as graphic.jpg

Benutzeravatar
Martin
Beiträge: 400
Registriert: 14. Sep 2010, 11:54
Kontaktdaten:

Re: Size of the blocklist

Beitrag von Martin » 4. Mär 2016, 22:44

Hello Michel,

you can download the Lists separately for each service but exclude "apache"-List or (need longer) to download the all.txt and then execlude the apache.txt list.

When the Attacks is still going on next Week, i will build a new Export-List/Service, that these IP are not longer in the "Apache"-List included.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

Antworten