My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Updated Daily Sources Feed

Published: 2007-10-15. Last Updated: 2007-10-15 19:30:34 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

I updated and cleaned up a bit our "daily sources" feed. This feed is created around 4am GMT daily, and includes a summary of all the source IPs for which we received reports the prior day.

you can retrieve the feed at http[s]://isc.sans.org/feeds/daily_sources.

The link is not click-able for a reason: its 70MBytes (varies from day to day of course). I recommend a tool like curl/wget to download it once a day. Its usually created around 4am GMT, so pull it at 4:30-5:30am GMT to get it "fresh and warm".

Its a plain tab delimited ASCII file. Comments (e.g. header/footer) are indicated by a '#' as first character. The columns are:

- IP Address (we use our "sortable" 0 padded format... 10.1.100.10 -> 010.001.100.010 ).
- targetport.
- protocol.
- reports (each "packet" counts as one report).
- targets (each distinct target IP reporting this particular source IP / port combination counts as one).
- first seen: the time (UTC) of the first packet we received for this source/port.
- last seen: the time (UTC) for the last packet we received for this source/port.

NOTE! This is not a "blocklist". It needs further processing to be used as such. The data is distributed under a "Creative Commons Share Alike" license. You may use it for non-commercial use for free as long as you attribute DShield or the SANS Internet Storm Center as the source of the data. We always like to hear how our data is used.

 

 

 

Keywords:
0 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments


Diary Archives