Sorry for the double post, I got the link to the script wrong... whoops.
The actual link is:
www.geoghegan.ca/pfbadhost.html

On 01/03/19 15:06, Jordan Geoghegan wrote:
Hello,
I wrote a small script called 'pf-badhost' to block shodan and other
annoyances via pf firewall. Check out www.geoghegan.ca/pf-badhost.html
to see the script.
pf-badhost also blocks ssh bruteforcers and other annoyances by
loading a list of regularly updated badhost lists from trusted
sources. If you only want to block shodan specifically, just comment
out the few lines that download the other blocklists, and you should
be good to go. I've had a number of people give good feedback on it,
and they've reported it blocking the scanners and baddies quite
effectively; BSDNow also did a piece about it, so it seems to work
alright.
Cheers,
Jordan

On 01/02/19 22:15, Antonino Sidoti wrote:
Hi,
I wish to block all attempts by “shodan.io”. Basically I run an
OpenBSD (6.4) mail server using OpenSMTPD and notice quite a bit of
traffic all stemming from “shodan.io”. I have PF configured so I was
wondering how to block such a domain from making any attempts to
connect to my server. There is little information about Public IP
addresses being used by "shodan.io" scanner, so making an IP list for
PF may be futile.
Could someone suggest a possible option? I was thinking along the
lines of “relayd” or “squid proxy”. My server is hosted at Vultr and
has a single WAN interface with Public IP. There is no internal LAN
interface.
For those who do not know about “shodan.io”, please do a search and
you will discover what it does.
Regards
Nino
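
As an added illustration of the blocklist approach discussed in this thread (not part of any message above and not code from pf-badhost): a shell example that sanitizes a downloaded blocklist before it is loaded into a pf table. The table name `pfbadhost`, the file path, the /8 prefix floor and the sample feed are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not pf-badhost itself. Assumed pf.conf rules (names are assumptions):
#   table <pfbadhost> persist file "/etc/pf-badhost.txt"
#   block in quick on egress from <pfbadhost>

# Read a raw feed on stdin; print unique, valid IPv4 addresses/CIDR blocks.
# Drops comments, malformed entries, prefixes wider than /8 (a bad feed
# must not be able to block the whole Internet) and private/loopback space.
clean_blocklist() {
    awk '{
        sub(/[#;].*/, "")              # strip comments
        gsub(/[ \t\r]/, "")            # strip whitespace and CRs
        if ($0 == "") next
        n = split($0, p, "/")
        if (n > 2) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2]+0 < 8 || p[2]+0 > 32)) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i]+0 > 255) next
        a = o[1]+0; b = o[2]+0
        if (a == 0 || a == 10 || a == 127) next
        if (a == 172 && b >= 16 && b <= 31) next
        if (a == 192 && b == 168) next
        print
    }' | sort -u
}

# Replace the table contents from a cleaned file. Refuses an empty file so a
# failed download does not silently empty the table.
load_table() {
    [ -s "$1" ] || { echo "empty list, keeping current table" >&2; return 1; }
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t pfbadhost -T replace -f "$1"
    else
        echo "pfctl not found; cleaned list is in $1" >&2
        return 1
    fi
}

# Constructed sample feed (documentation address ranges plus bad entries).
sample_feed() {
    printf '%s\n' '# constructed sample feed' '203.0.113.7' \
        '198.51.100.0/24   ; scanner netblock' '203.0.113.7' '192.168.1.10' \
        '0.0.0.0/0' '999.1.1.1' 'not-an-ip' '10.0.0.0/8'
}

sample_feed | clean_blocklist
```

On a pf host, the cleaned output would be written to the table file and passed to `load_table`.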