I recently have made a system to ingest and process logs for honeypots I have in the wild. Essentially it's just open services for now that IP's will try and wordlist or brute force login to which has become extremely abused within 12 hours which is nice.
Currently I just have the one honeypot doing what it can but I will eventually deploy more. It's not a fail2ban based system, it's essentially a custom syslog server I made that intakes all login failures and appends new IP's to the list. Which you can then script or do whatever with to throw it into a firewall rule to block connections from if you wish.
This is purely ran in my free time and so is the project so I do not have any type of terms of service or SLA or what not. It'll just be there for whoever wants to use it on their systems. Obviously it can be used for anything not just Mikrotik but the target that is obtaining the login failures is a Mikrotik system very much exposed to the wild.
So yeah sorry for the probably long useless info above, the feed can be access here:
https://991tech.org/downloads/Public_Feeds/ip.list
Github repo if you want to use that instead:
https://github.com/Crash0v3r1de/HoneypotIPLists
Currently I do not have any scheduled reset so this list of IP's is currently coming up on a week old. I will probably implement a semi weekly or possibly just monthly IP reset since a lot of the IP's are just throw away hosts.
IF you wish to help the feed
- Shoot me a PM and I can walk you through what you need to do - essentially just send your syslogs to one of my public IP's and I'll do the rest.
- 12-31-2021 | Had a fairly lengthy outage last night until a few hours ago, shut down my systems in hopes of it helping with the power issues going on with the wildfires. Everything has been restored and will stay live.
- 01-21-2022 | Added the Github repo that is updated hourly if the list is changed/updated