Product Security Hardening

Unrelated Networks to block

These networks scan the internet and are not exactly a threat but due to the scanning, it reveals vulnerability information within the infrastructure.

Blocking Internet Measurement (DriftNet)

ASN211298

IPv4 Scanning IPs

87.236.176.0/24
193.163.125.0/24
68.183.53.77/32
104.248.203.191/32
104.248.204.195/32
142.93.191.98/32
157.245.216.203/32
165.22.39.64/32
167.99.209.184/32
188.166.26.88/32
206.189.7.178/32
209.97.152.248/32

IPv6 IPs

2a06:4880::/32
2604:a880:800:10::c4b:f000/124
2604:a880:800:10::c51:a000/124
2604:a880:800:10::c52:d000/124
2604:a880:800:10::c55:5000/124
2604:a880:800:10::c56:b000/124
2a03:b0c0:2:d0::153e:a000/124
2a03:b0c0:2:d0::1576:8000/124
2a03:b0c0:2:d0::1577:7000/124
2a03:b0c0:2:d0::1579:e000/124
2a03:b0c0:2:d0::157c:a000/124

You may also opt out by sending your IP ranges and/or domain names to [email protected]. This process will be validated for confirmation by the Driftnet team.

Block Censys

AS398705

AS398324

AS398722

Block IONOS

AS8560

Block Internet Archive (Wayback Machine)

AS7941

Block North Korea

AS13127

Block Yandex (Russian Search Engine)

AS13238

Block M247 Europe

AS9009

Cloudflare

GeoBlocking with Whitelist expression - This rule blocks incoming traffic from a specified list of countries and the Tor network while allowing traffic from any IP addresses included in a predefined whitelist (e.g., trusted clients or partners).

(ip.src.country in {"CN" "KP" "IR" "SO" "IQ" "CU" "SY" "LY" "VE" "SC" "DE" "NL" "LT" "BG" "ID" "KZ" "BD" "RO" "CL" "PE" "LV" "GI" "TR" "MD" "EE" "UZ" "KG" "MN" "BO" "EG" "ZA" "XX"} or ip.src.continent eq "T1") and not (ip.src in $geo_whitelist)

Bulk IP CSV uploads require a CSV in IP, DescriptionFormat. Here is a python script to use for creating the bulk upload csv:

cfbulkip.py

import csv

# Replace the below IPs with your multiline IP list
raw_ips = """
8.8.8.8
9.9.9.9
"""

# Clean up list
ip_list = raw_ips.strip().splitlines()
ip_list = [ip.strip() for ip in ip_list if ip.strip() and not ip.startswith("#")]

# Remove duplicates and sort
unique_ips = sorted(set(ip_list))

# Description
default_description = "Uploaded via bulk upload script"

# Write to CSV
with open('cloudflare_ips.csv', mode='w', newline='') as csvfile:
    writer = csv.writer(csvfile)
    writer.writerow(['ip', 'description'])  # Cloudflare format
    for ip in unique_ips:
        writer.writerow([ip, default_description])

print("Saved to cloudflare_ips.csv")

Last updated