Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Threat Feeds - SANS Internet Storm Center Threat Feeds


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Threat Feeds

Date Range: -

About This Page

In October 2015, we started collecting data from various open external threat feeds to supplement our data. DShield did not collect this data, and we suggest that you refer to the source if you would like to use the data.

The graph displays "change" for each day, not the number of active hosts. For each IP address, we track the date we first see the IP in the particular dataset, and then we note the last time an IP is listed. If you see "10" hosts for a particular date, then this means that this day, 10 new hosts were added to the feed. For more static feeds with constant activity (e.g. the port scanners) the data looks more steady as a result. For researchers, that do not change the IP addresses of their scanners often, the graph will only be different from 0 if they added new IPs.

Feed Categories

Bots: These lists include botnet command and control servers for popular botnets. You should watch for outbound traffic to these IPs.

Others: Lists that did not fit into a specific category. Refer to the list description for details.

Port Scanners: Lists of hosts that scan for various hosts or specific services

Research: These are researchers that conduct internet wide scans. By listing these feeds, we don't necessarily condone what they are doing. Up to you to block them or let them through. Researchers in this list are typically responsible enough to publish the sources from which they scan.