commit
9d620dd7a5
|
@ -14,7 +14,8 @@ are available in one of the list. The list can be globally enabled or disabled i
|
|||
- [lists/google](lists/google) - known domains and hostnames from Google
|
||||
- [lists/ipv6-linklocal](ipv6-linklocal) - IPv6 link local prefix
|
||||
- [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks
|
||||
- [lists/public-dns](lists/public-dns) - IP addresses of public DNS resolver
|
||||
- [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver
|
||||
- [lists/public-dns-v6](lists/public-dns-v6) - IPv6 addresses and reverse of public DNS resolver
|
||||
- [lists/rfc1918](lists/rfc1918) - RFC 1918 network subnets
|
||||
- [lists/rfc3849](lists/rfc3849) - RFC 3849 - Documentation prefix for ipv6
|
||||
- [lists/rfc5735](lists/rfc5735) - RFC 5735 CIDR blocks - Special Use IPv4 Addresses
|
||||
|
|
File diff suppressed because it is too large
|
@ -0,0 +1,184 @@
|
|||
{
|
||||
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
|
||||
"list": [
|
||||
"2001:1488:800:400::130",
|
||||
"2001:1608:10:167:342::eb52",
|
||||
"2001:1620:2777:1::10",
|
||||
"2001:1620:2777:1::11",
|
||||
"2001:1620:2777::2",
|
||||
"2001:1a68::d911:2244",
|
||||
"2001:1bc0::ffff:aaaa:2",
|
||||
"2001:1bc0::ffff:bbbb:2",
|
||||
"2001:2040:39::5",
|
||||
"2001:418:3ff::1:53",
|
||||
"2001:418:3ff::53",
|
||||
"2001:41d0:8:be92::1",
|
||||
"2001:428:101:100:205:171:2:65",
|
||||
"2001:428:101:100:205:171:3:65",
|
||||
"2001:428::1",
|
||||
"2001:450:2005:1::4",
|
||||
"2001:450:2005:2::4",
|
||||
"2001:450:2005:2::5",
|
||||
"2001:450:2005:3::5",
|
||||
"2001:468:c80:2101:0:100:0:22",
|
||||
"2001:468:c80:2101:0:100:0:22",
|
||||
"2001:468:c80:4101:0:100:0:42",
|
||||
"2001:468:c80:4101:0:100:0:42",
|
||||
"2001:470:0:45::2",
|
||||
"2001:470:0:69::2",
|
||||
"2001:470:0:78::2",
|
||||
"2001:470:0:7d::2",
|
||||
"2001:470:0:8c::2",
|
||||
"2001:470:0:c0::2",
|
||||
"2001:470:20::2",
|
||||
"2001:470:520a::1",
|
||||
"2001:470:6c:521::2",
|
||||
"2001:470:6d:521::1",
|
||||
"2001:470:f032:1::254",
|
||||
"2001:4860:4860::8844",
|
||||
"2001:4860:4860::8888",
|
||||
"2001:4870:6082:3::100",
|
||||
"2001:4870:6082:3::5",
|
||||
"2001:4870:8000:3::100",
|
||||
"2001:4870:8000:3::5",
|
||||
"2001:4ce8::53",
|
||||
"2001:4dd0:fb32:3::d",
|
||||
"2001:4dd0:fd5e::53",
|
||||
"2001:4f8:0:2::14",
|
||||
"2001:550:1:1::d",
|
||||
"2001:5b8:1::5",
|
||||
"2001:610:1108:5010::130",
|
||||
"2001:638:902:1::10",
|
||||
"2001:648:2ffc:100::211",
|
||||
"2001:678:1::206",
|
||||
"2001:67c:15e8:d1::18",
|
||||
"2001:67c:15e8:d1::19",
|
||||
"2001:67c:2b0::1",
|
||||
"2001:67c:2b0::2",
|
||||
"2001:67c:2b24:1000::10",
|
||||
"2001:67c:2b24:1000::11",
|
||||
"2001:6b0:3f::a",
|
||||
"2001:750:2:3::51",
|
||||
"2001:750:2:3::52",
|
||||
"2001:7b8:1509::1",
|
||||
"2001:840:0:200::1",
|
||||
"2001:840:200::",
|
||||
"2001:840:2010:413::100",
|
||||
"2001:910:800::12",
|
||||
"2001:910:800::40",
|
||||
"2001:913::8",
|
||||
"2001:978:1:1::d",
|
||||
"2001:978:1:2::d",
|
||||
"2001:b000:168::1",
|
||||
"2001:b08:2:280::4:1",
|
||||
"2001:bf0::2",
|
||||
"2001:da8:202:10::37",
|
||||
"2001:ec0:1::1",
|
||||
"2001:ec0:3::3",
|
||||
"2400:8900::f03c:91ff:fe70:c452",
|
||||
"2407:9000:0:4::2",
|
||||
"2600:3c00::20:b1ff",
|
||||
"2600:3c02::f03c:91ff:fe84:cb54",
|
||||
"2600::1",
|
||||
"2600::2",
|
||||
"2607:fa88:1::2",
|
||||
"2610:130:100:3::200",
|
||||
"2620:0:ccc::2",
|
||||
"2620:0:ccd::2",
|
||||
"2800:960:0:12:201:217:1:231",
|
||||
"2a00-1508-0-4--9.puntcat.ip6.guifi.net.",
|
||||
"2a00:1508:0:4::9",
|
||||
"2a00:5881:8100:1000::3",
|
||||
"2a00:dcc0:eda:88:245:71:858e:a15",
|
||||
"2a01:4f8:161:4109::6",
|
||||
"2a01:4f8:191:306c::2",
|
||||
"2a02:180:1:1::517:1045",
|
||||
"2a02:2178:1:2::2",
|
||||
"2a02:6b8::feed:ff",
|
||||
"2a02:940:0:4293::100",
|
||||
"2a03:4000:6:510b::1",
|
||||
"2a03:b0c0:3:d0::7c:5001",
|
||||
"McRip-5-pt.tunnel.tserv26.ber1.ipv6.he.net.",
|
||||
"canopus.ne2000.nl.",
|
||||
"copaco-public-resolver-ipv6-b.copaco.com.py.",
|
||||
"cznic-public-dns-1.nic.cz.",
|
||||
"dlfw-rdns-01.dlfw.twtelecom.net.",
|
||||
"dns.cesidianroot.eu.",
|
||||
"dns.yandex.ru.",
|
||||
"dns1.host.net.",
|
||||
"dns1.lon.gblx.net.",
|
||||
"dns1.phx.gblx.net.",
|
||||
"dns1.totbb.net.",
|
||||
"dns2.phx.gblx.net.",
|
||||
"dns2.roc.gblx.net.",
|
||||
"dns2.totbb.net.",
|
||||
"dnsres1.nic.cz.",
|
||||
"dnvr-rdns-01.dnvr.twtelecom.net.",
|
||||
"emma.robingroppe.de.",
|
||||
"eu-res1.dns.cogentco.com.",
|
||||
"eu-res2.dns.cogentco.com.",
|
||||
"freya.stelas.de.",
|
||||
"google-public-dns-a.google.com.",
|
||||
"google-public-dns-b.google.com.",
|
||||
"hntp1.hinet.net.",
|
||||
"homens.b-hs.de.",
|
||||
"jeru.cns.ipv6.vt.edu.",
|
||||
"jeru.cns.ipv6.vt.edu.",
|
||||
"leia.fdn.org.",
|
||||
"lpc1.stu.neva.ru.",
|
||||
"mnt1.eutelia.it.",
|
||||
"mnt2.eutelia.it.",
|
||||
"na-res1.dns.cogentco.com.",
|
||||
"ns-3.iastate.edu.",
|
||||
"ns.ipv6.uni-leipzig.de.",
|
||||
"ns0.ldn-fai.net.",
|
||||
"ns1.fdn.org.",
|
||||
"ns1.init7.net.",
|
||||
"ns1.probe-networks.de.",
|
||||
"ns1.sprintlink.net.",
|
||||
"ns1.twtelecom.net.",
|
||||
"ns10.init7.net.",
|
||||
"ns11.init7.net.",
|
||||
"ns2.all.de.",
|
||||
"ns2.itandtel.at.",
|
||||
"ns2.powertech.no.",
|
||||
"ns2.powertech.no.",
|
||||
"ns2.probe-networks.de.",
|
||||
"ns2.sprintlink.net.",
|
||||
"ns2.twtelecom.net.",
|
||||
"or.isc.org.",
|
||||
"ordns.he.net.",
|
||||
"public-dns-a.primawebtools.de.",
|
||||
"public-dns-c.ipv6.primawebtools.de.",
|
||||
"recursif.arn-fai.net.",
|
||||
"resolver.qwest.net.",
|
||||
"resolver1.dns.trex.fi.",
|
||||
"resolver1.ipv6-sandbox.opendns.com.",
|
||||
"resolver2.dns.trex.fi.",
|
||||
"resolver2.ipv6-sandbox.opendns.com.",
|
||||
"rickhunter.ns.ielo.net.",
|
||||
"rns1.grnet.gr.",
|
||||
"services.donotuse.de.",
|
||||
"tserv1.ams1.he.net.",
|
||||
"tserv1.dal1.he.net.",
|
||||
"tserv1.fmt2.he.net.",
|
||||
"tserv1.fra1.he.net.",
|
||||
"tserv1.mia1.he.net.",
|
||||
"tserv1.tor1.he.net.",
|
||||
"tungsten.gparent.org.",
|
||||
"voip.zee.li.",
|
||||
"www.cesidianroot.eu.",
|
||||
"x.ns.gin.ntt.net.",
|
||||
"y.ns.gin.ntt.net.",
|
||||
"yardbird.cns.ipv6.vt.edu.",
|
||||
"yardbird.cns.ipv6.vt.edu.",
|
||||
"zen.stack.nl."
|
||||
],
|
||||
"matching_attribute": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"name": "List of known IPv6 public DNS resolvers",
|
||||
"version": "20160803"
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
{
|
||||
"name": "List of known public DNS resolvers",
|
||||
"version": 3,
|
||||
"description": "Event contains one or more public DNS resolvers as attribute with an IDS flag set",
|
||||
"matching_attributes": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"domain|ip"
|
||||
],
|
||||
"list": [
|
||||
"8.8.8.8",
|
||||
"8.8.4.4",
|
||||
"208.67.222.222",
|
||||
"208.67.220.220",
|
||||
"195.46.39.39",
|
||||
"195.46.39.40",
|
||||
"4.2.2.4",
|
||||
"209.244.0.3",
|
||||
"209.244.0.4",
|
||||
"64.6.64.6",
|
||||
"64.6.65.6",
|
||||
"84.200.69.80",
|
||||
"84.200.70.40",
|
||||
"8.26.56.26",
|
||||
"8.20.247.20",
|
||||
"156.154.70.1",
|
||||
"156.154.71.1",
|
||||
"199.85.126.10",
|
||||
"199.85.127.10",
|
||||
"81.218.119.11",
|
||||
"209.88.198.133"
|
||||
]
|
||||
}
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import csv
|
||||
import datetime
|
||||
import logging
|
||||
import ipaddress
|
||||
import json
|
||||
import os
|
||||
import requests
|
||||
|
||||
servers_url = 'http://public-dns.info/nameservers.csv'
|
||||
csv_path = 'nameservers.csv'
|
||||
dns4_path = 'list4.json'
|
||||
dns6_path = 'list6.json'
|
||||
|
||||
if os.path.isfile(csv_path):
|
||||
logging.warning('Not erasing local csv file')
|
||||
else:
|
||||
req = requests.get(servers_url)
|
||||
with open(csv_path, 'wb') as fd:
|
||||
for chunk in req.iter_content(4096):
|
||||
fd.write(chunk)
|
||||
|
||||
ip4_list = []
|
||||
ip6_list = []
|
||||
with open(csv_path) as csv_file:
|
||||
servers_list = csv.reader(csv_file, delimiter=',', quotechar='"')
|
||||
|
||||
for row in servers_list:
|
||||
if row[5] == '':
|
||||
try:
|
||||
ip = ipaddress.ip_address(row[0])
|
||||
|
||||
if ip.version == 4:
|
||||
list = ip4_list
|
||||
else:
|
||||
list = ip6_list
|
||||
|
||||
list.append(ip.compressed)
|
||||
if len(row[1]) > 0 and row[1] != '.':
|
||||
list.append(row[1])
|
||||
|
||||
except ValueError as exc:
|
||||
logging.warning(str(exc))
|
||||
|
||||
version = datetime.datetime.now().strftime('%Y%m%d')
|
||||
|
||||
out4_list = {}
|
||||
out4_list['name'] = 'List of known IPv4 public DNS resolvers'
|
||||
out4_list['version'] = version
|
||||
out4_list['description'] = 'Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set'
|
||||
out4_list['matching_attribute'] = [ 'ip-src', 'ip-dst', 'domain|ip' ]
|
||||
out4_list['list'] = sorted(ip4_list)
|
||||
|
||||
|
||||
out6_list = {}
|
||||
out6_list['name'] = 'List of known IPv6 public DNS resolvers'
|
||||
out6_list['version'] = version
|
||||
out6_list['description'] = 'Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set'
|
||||
out6_list['matching_attribute'] = [ 'ip-src', 'ip-dst', 'domain|ip' ]
|
||||
out6_list['list'] = sorted(ip6_list)
|
||||
|
||||
|
||||
#print(json.dumps(out4_list, indent=True))
|
||||
with open(dns4_path, 'w') as dns4_file:
|
||||
dns4_file.write(json.dumps(out4_list, indent=4, sort_keys=True))
|
||||
|
||||
with open(dns6_path, 'w') as dns6_file:
|
||||
dns6_file.write(json.dumps(out6_list, indent=4, sort_keys=True))
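Review bot: The download at `req = requests.get(servers_url)` fetches `nameservers.csv` over plain `http://` with no status check, timeout or integrity check, and its rows feed lists that appear to be used to flag IDS attributes as probable false positives, so a tampered or truncated response could silently add addresses that analysts then discount. Use an `https://` URL if the source offers one, and change the call to `req = requests.get(servers_url, timeout=30)` followed by `req.raise_for_status()`, so an error page is never written to `csv_path` and then reused on later runs because the file already exists. The reverse-DNS names in `row[1]` are set by whoever controls the PTR record, yet they are appended unvalidated, with a trailing dot and without de-duplication (the generated IPv6 list repeats `jeru.cns.ipv6.vt.edu.`); collecting into a `set` and validating or dropping hostnames would be safer. The script also writes the key `matching_attribute`, whereas the list removed in this commit used `matching_attributes`, so the consumer may not pick up the attribute types. The local name `list` shadows the builtin.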
|