Please wait while ipset data are being loaded...
Do you like this site? | |
Help us make it better. |
name | |
---|---|
category | |
maintainer | |
IP family | |
ipset hash | |
ipset entries | |
unique IPs | |
source | |
local copy | |
changesets | |
check frequency | |
average update frequency | |
aggregation | |
fetch errors | |
monitoring since | |
last time updated by its maintainers | |
last time processed by us | |
last time we checked |
Your computer clock seems wrong! Some calculations may be wrong.
Please sync your clock.
The IPs in this list are aggregated by us. The source list either has no retention at all (i.e. it lists IPs just once and they are lost at the next refresh), or its retention is too low, or it would be interesting to know the IPs that pass through the original list in longer durations. So we decided to aggregate several updates together.
If you use this IP list in production systems, keep in mind this aggregation introduces a significant drawback: To unlist an IP, once it is in the aggregation log, you will either have to whitelist it using your own means, or wait for the aggregation period to expire so that it will be unlisted automatically.
Each time the IP list is changed, modified, or updated we keep track of its size (both number of entries and number of unique IPs matched). Using this information we can detect what the list maintainers do, get an idea of the list trend and its maintainers habbits.
Using the chart below we attempt to answer these questions:
hash:net
ipsets (check this article for more information on how this is done).
Entries
is the number of entries the ipset has.UniqueIPs
is the number of unique IPs the ipset matches.Loading evolution chart... |
The chart below shows the change history of the IP list, i.e. the number of unique IPs added and removed with each update.
Using the chart below we attempt to answer these questions:
Loading changesets chart... |
Each time an ipset is updated we check it against the MaxMind GeoLite2 country, the IPDeny.com country, the IP2Location.com Lite country and the IPIP.net country databases, to find the list's unique IPs per country.
Using the maps below we attempt to answer these questions:
All lists suffer from false positives to some degree, so using this IP list at your firewall might block some of your users or customers.
Loading geolite2 map... |
Loading ipdeny map... |
Loading ip2location map... |
Loading ipip map... |
The age of each IP in the list is shown below. The time shown is calculated in realtime; it will be refreshed as time passes, even if the list is not updated.
Using the chart below we attempt to answer these questions:
Most lists include IPs that match some criteria (e.g. an attack or abuse is detected originated from the IP in question). Once an IP is listed, it remains listed for a pre-defined amount of time, unless it matches the criteria again, in which case its expiration time is refreshed.
Many lists announce the duration they list IPs. Many don't and almost all lists have exceptions that do not follow the announced rules.
A false positive is in place when an IP that was properly detected and added to the list, was released and re-used by another person, before being unlisted from the list. Since the world is full of dynamic IP users, false positives is the biggest problem of blocklist / blacklists.
In the chart below we show the exact age of the IPs currently listed. Small ages are good. Long ages are not necessarily bad. Normally, longer ages should only be a small part of the list's size.
Pay attention to the 50% mark. This is the average age of the IPs in the list. Pay also attention to the 75% (most probable) and the 90% (expected max) marks.
The ideal age chart of a well maintained IP list should a straight line from the bottom left corner, to the upper right corner of the chart.
Of course, this is affected by the pressure of different attacks and possibly the different listing policies for different types of attacks.
In general though, this chart should be as granural as possible.
Long horizontal lines indicate either sustaining attacks, or unreasonably high listing policies.
Loading age chart... |
The retention policy of the list shows the duration IPs were listed, when they were listed. This is calculated every time the list maintainers remove an IP from the list. The chart below shows the retention policy detected, since we started monitoring the list (it is not limited to a certain timeframe).
Using the chart below we attempt to answer these questions:
Loading retention chart... |
Using the chart below we attempt to answer these questions:
Check the column Their %
. A high percentage in this column, indicates that the IP list of that row is included in .
Check the column This %
. A high percentage in this column, indicates that is included in the IP list of that row.
Focus on the last two columns: Their %
and This %
. These two percentages show the percentage of overlap this list has with other IP lists.
Using the comparison table, we can easily find out that, for example, abuse is often initiated from anonymizing IPs (like open proxies) and malwares.
List | Their % | This % |
---|