The Stratosphere Blocklist Generation Project

Our project is dedicated to producing effective IP blocklists that empower the community in the fight against cyber threats. Our blocklists are carefully crafted to target specific characteristics of attackers, enabling users to prioritize their defense strategies based on their unique needs. By continually updating and refining our blocklists, we strive to provide the most comprehensive protection possible against a range of threats, including the most recent and persistent attackers. Our goal is to help our users proactively safeguard their networks and data from potential breaches and attacks.

The blocklists generated through the history of the project can be found in the Historical folder. Those generated in the last 24 hours and intended for everyday use can be found in the Latest folder.

The Historical folder contains the history of all the generated blocklists, one folder per model.

Historical/
|-- Alpha
|-- Alpha7
|-- Prioritize_Consistent
|-- Prioritize_New
|-- Seen_today_Only  ***(not used anymore, please use Alpha instead)***

The Latest folder contains the latest suggested blocklists of each model.

Latest/
|-- AIP-Alpha-latest.csv
|-- AIP-Alpha7-latest.csv
|-- AIP-Prioritize_Consistent-latest.csv
|-- AIP-Prioritize_New-latest.csv
|-- AIP_blacklist_for_IPs_seen_last_24_hours.csv   ***(not used anymore, please use AIP-Alpha-latest.csv instead)***
|-- AIP_historical_blacklist_prioritized_by_newest_attackers.csv   ***(not used anymore, please use AIP-Prioritize_New-latest.csv instead)***
|-- AIP_historical_blacklist_prioritized_by_repeated_attackers.csv   ***(not used anymore, please use AIP-Prioritize_Consistent-latest.csv instead)***

Blocklists

At present, our project offers four types of blocklists, each designed to address specific security needs and concerns. Each of these lists is described next.

Alpha

Alpha is a model that computes the list of attackers' IPs seen in the last 24 hours, regardless of the type of attack, duration, or amount of traffic sent. No ranking is provided, just the list of IPs to block.

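# Download the latest alpha blocklist every day at 5 AM.
# -O overwrites the previous copy (plain wget would save AIP-Alpha-latest.csv.1, .2, ...); -q keeps cron quiet.
0 5 * * * wget -q -O "$HOME/AIP-Alpha-latest.csv" https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Latest/AIP-Alpha-latest.csv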

Alpha7

Alpha7 is a model that computes the list of attackers' IPs seen in the last 7 days, regardless of the type of attack, duration, or amount of traffic sent. No ranking is provided, just the list of IPs to block.

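# Download the latest alpha7 blocklist every day at 5 AM.
# -O overwrites the previous copy (plain wget would save AIP-Alpha7-latest.csv.1, .2, ...); -q keeps cron quiet.
0 5 * * * wget -q -O "$HOME/AIP-Alpha7-latest.csv" https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Latest/AIP-Alpha7-latest.csv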

Prioritize Consistent

Prioritize Consistent (PC) is a model that gives more priority to those attackers that are consistently attacking. Attackers that connect to our sensors often over several days will be at the top of the list and will have a higher rank.

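# Download the latest prioritize consistent blocklist every day at 5 AM.
# -O overwrites the previous copy (plain wget would save a new .1, .2, ... file each day); -q keeps cron quiet.
0 5 * * * wget -q -O "$HOME/AIP-Prioritize_Consistent-latest.csv" https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Latest/AIP-Prioritize_Consistent-latest.csv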

Prioritize New

Prioritize New (PN) is a model that gives priority to those attackers never seen before. Those attackers that attack continuously for several days will eventually have a lower rank and will be at the bottom of the blocklist.

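# Download the latest prioritize new blocklist every day at 5 AM.
# -O overwrites the previous copy (plain wget would save a new .1, .2, ... file each day); -q keeps cron quiet.
0 5 * * * wget -q -O "$HOME/AIP-Prioritize_New-latest.csv" https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Latest/AIP-Prioritize_New-latest.csv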
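
A downloaded list should be checked before it reaches a firewall. The following is an added example, not code from the AIP project: it validates every entry, refuses to block the operator's own networks, rejects an empty or oversized download, and can keep only the head of a ranked list. The CSV layout (IP in the first column, optional header, comment, and rank columns), the sample rows, and the `NEVER_BLOCK` networks are assumptions.

```python
import csv
import ipaddress

# Constructed sample feed. Assumed layout: IP address in the first column,
# optional header/comment lines, optional extra columns (e.g. a rank).
SAMPLE_FEED = """\
# constructed sample, not real data
ip,rank
198.51.100.7,0.93
203.0.113.20,0.41
203.0.113.20,0.41
10.0.0.5,0.30
192.0.2.10,0.22
not-an-ip,0.10
198.51.100.99,0.05
"""

# Hypothetical networks that must never be blocked: private ranges plus
# the operator's own range (192.0.2.0/24 stands in for it here).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "127.0.0.0/8", "192.0.2.0/24")]

def load_blocklist(text, never_block=NEVER_BLOCK, top_n=None,
                   min_entries=1, max_entries=500_000):
    """Return (accepted, rejected); accepted keeps the feed's order."""
    accepted, rejected, seen = [], [], set()
    for row in csv.reader(text.splitlines()):
        if not row or row[0].lstrip().startswith("#"):
            continue                      # blank line or comment
        field = row[0].strip()
        try:
            ip = ipaddress.ip_address(field)
        except ValueError:
            rejected.append(field)        # header, garbage, or CIDR
            continue
        if any(ip in net for net in never_block):
            rejected.append(field)        # would block our own hosts
        elif ip not in seen:
            seen.add(ip)
            accepted.append(ip)
    # An empty or oversized result suggests a failed or tampered download:
    # raise so the caller keeps yesterday's list instead of applying it.
    if not min_entries <= len(accepted) <= max_entries:
        raise ValueError(f"suspicious blocklist size: {len(accepted)}")
    # Ranked lists put the highest-priority attackers first, so a
    # capacity-limited firewall can take just the head of the list.
    return accepted[:top_n], rejected
```

`top_n` is only meaningful for the ranked Prioritize Consistent and Prioritize New lists; Alpha and Alpha7 carry no ranking, so truncating them drops arbitrary entries.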

Contact

If you think we are blocklisting you, please report your IP to our contact email. The blocklists are generated using the free software AIP tool. For a detailed overview of our project, please visit our website.