Product Security Hardening
Unrelated Networks to block
These networks scan the internet and are not exactly a threat but due to the scanning, it reveals vulnerability information within the infrastructure.
Blocking Internet Measurement (DriftNet)
ASN211298
IPv4 Scanning IPs
87.236.176.0/24
193.163.125.0/24
68.183.53.77/32
104.248.203.191/32
104.248.204.195/32
142.93.191.98/32
157.245.216.203/32
165.22.39.64/32
167.99.209.184/32
188.166.26.88/32
206.189.7.178/32
209.97.152.248/32
IPv6 IPs
2a06:4880::/32
2604:a880:800:10::c4b:f000/124
2604:a880:800:10::c51:a000/124
2604:a880:800:10::c52:d000/124
2604:a880:800:10::c55:5000/124
2604:a880:800:10::c56:b000/124
2a03:b0c0:2:d0::153e:a000/124
2a03:b0c0:2:d0::1576:8000/124
2a03:b0c0:2:d0::1577:7000/124
2a03:b0c0:2:d0::1579:e000/124
2a03:b0c0:2:d0::157c:a000/124
You may also opt out by sending your IP ranges and/or domain names to [email protected]. This process will be validated for confirmation by the Driftnet team.
Block Censys
AS398705
AS398324
AS398722
Block IONOS
AS8560
Block Internet Archive (Wayback Machine)
AS7941
Block North Korea
AS13127
Block Yandex (Russian Search Engine)
AS13238
Block M247 Europe
AS9009
Cloudflare
GeoBlocking with Whitelist expression - This rule blocks incoming traffic from a specified list of countries and the Tor network while allowing traffic from any IP addresses included in a predefined whitelist (e.g., trusted clients or partners).
(ip.src.country in {"CN" "KP" "IR" "SO" "IQ" "CU" "SY" "LY" "VE" "SC" "DE" "NL" "LT" "BG" "ID" "KZ" "BD" "RO" "CL" "PE" "LV" "GI" "TR" "MD" "EE" "UZ" "KG" "MN" "BO" "EG" "ZA" "XX"} or ip.src.continent eq "T1") and not (ip.src in $geo_whitelist)
Bulk IP CSV uploads require a CSV in IP, Description
Format. Here is a python script to use for creating the bulk upload csv:
cfbulkip.py
import csv
# Replace the below IPs with your multiline IP list
raw_ips = """
8.8.8.8
9.9.9.9
"""
# Clean up list
ip_list = raw_ips.strip().splitlines()
ip_list = [ip.strip() for ip in ip_list if ip.strip() and not ip.startswith("#")]
# Remove duplicates and sort
unique_ips = sorted(set(ip_list))
# Description
default_description = "Uploaded via bulk upload script"
# Write to CSV
with open('cloudflare_ips.csv', mode='w', newline='') as csvfile:
writer = csv.writer(csvfile)
writer.writerow(['ip', 'description']) # Cloudflare format
for ip in unique_ips:
writer.writerow([ip, default_description])
print("Saved to cloudflare_ips.csv")
Last updated