OpenBSD: Monster IPs – Let’s jail them!

Written by: Özgür Kazanççı

Category: My OpenBSD Write-Ups

I love logs. (By the way, greetings, after a very, very long time!)

I love reading log files, deeply investigating them.

I dedicate a large amount of my time to reading the log files of the servers I’ve been managing for decades. While they actually work fine, as they should, I still investigate them and check their health – through the logs – from time to time.

And within all those log files, there are always *bad guyz* scanning the servers I manage/administrate: brute-forcing ports, spamming and relay-checking SMTP servers, scanning entire ports, trying to hack e-mail accounts, filling SSH/FTP auth log files, et cetera.

I usually collect and merge them into a text file and, as they usually waste disk, I/O and bandwidth, I block them with OpenBSD’s great PF.
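As an added example (not the author's own tooling), here is one way to build such a list: count failed sshd logins per source address, skip an allowlist so you never ban your own networks, and merge the result into an existing one-entry-per-line file. The log lines, addresses, threshold and allowlisted range are constructed for illustration, and the sshd "Failed password" line format is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of sshd lines in /var/log/authlog.
SAMPLE_AUTHLOG = """\
Mar  3 10:15:01 gw sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 gw sshd[4121]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:04 gw sshd[4121]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:16:10 gw sshd[4130]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar  3 10:18:00 gw sshd[4140]: Failed password for alice from 192.0.2.10 port 50002 ssh2
Mar  3 10:18:01 gw sshd[4140]: Failed password for alice from 192.0.2.10 port 50002 ssh2
Mar  3 10:18:02 gw sshd[4140]: Failed password for alice from 192.0.2.10 port 50002 ssh2
"""
# Anchored at end of line with a greedy user field, so only the trailing
# "from ADDR port N ssh2" that sshd appends is taken as the source address.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, allow=()):
    """Return addresses with >= threshold failures, minus allowlisted networks."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address; never write it to the table file
        if not any(ip in net for net in allow):
            counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}

def merge(existing_text, new_ips):
    """Merge new addresses into an existing list, deduplicated and sorted."""
    nets = {ipaddress.ip_network(str(ip)) for ip in new_ips}
    for line in existing_text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if entry:
            nets.add(ipaddress.ip_network(entry, strict=False))
    ordered = sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    host = lambda n: str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
    return "".join(host(n) + "\n" for n in ordered)

if __name__ == "__main__":
    admin_nets = [ipaddress.ip_network("192.0.2.0/24")]  # constructed "own" range
    bad = offenders(SAMPLE_AUTHLOG, allow=admin_nets)
    # Output can be loaded with: pfctl -t <table> -T replace -f ban-me.txt
    print(merge("203.0.113.5\n198.51.100.0/24  # earlier manual ban\n", bad), end="")
```

The allowlist is checked before counting, so a run of mistyped passwords from an admin network does not end up in the block table.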

Today, I wanted to share them in public. The IPs are here for your reference/usage. They were/are rapidly filling logs!

I will be updating the link frequently. More bad guyz -> ban-me.txt

ban-me.txt  – (Updated)

P.S.: In addition to my manual ban-me PF block table, I use a few other scripts as well.

I can say the best one is implemented by Jordan Geoghegan, a very good script called pf-badhost – working on OpenBSD, FreeBSD, DragonFly BSD, NetBSD and macOS, “a simple, network filtering tool that uses PF firewall to block many of the internet’s biggest irritants.

“Annoyances such as SSH and SMTP bruteforcers are largely eliminated.” it says. And that’s true! I use it on almost every server I set up and/or manage. It brings my servers much cleaner network traffic and a much more relaxed disk I/O rate.

I’m going to write an article on further details of pf-badhost.

UPDATE: My much more detailed write-up about pf-badhost is here:


