Looking through the documentation, I was wondering if anyone cares about network scanners like Shodan scanners as listed in "How to block Shodan scanners?" Clearly Shodan is not the only net scanner out there, so is this still relevant? This is particularly true given the recent upgrades in IPFire, particularly Location Block.

If so, I have been slowly putting together a list of other net scanners that I could share. Some of the websites associated with these net scanners have some interesting information (assuming that it is to be believed).

Indeed, that Wiki page is outdated.

To be honest, I am not sure if maintaining a list of scanner IP addresses is worth the effort. They come and go, and non-static IPs such as compromised devices are way too volatile to keep track of them.

It might make more sense to use the IPS, and enable some scanner rules that are disabled by default. With the “ET community” ruleset, for example, the majority of Nmap-rules are disabled by default - enabling them detects quite a bit on my machines. :slight_smile:

Peter Müller
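
To see which scanner rules a ruleset ships disabled, as the reply above suggests checking, here is an added example (not part of either post and not IPFire's own code). It assumes the rules file uses Suricata syntax with disabled rules commented out by a leading `#`; the sample rules, messages and SIDs are constructed.

```python
import re

# Constructed sample in Suricata rule syntax. Messages and SIDs are made up
# for this example and are not taken from any real ruleset.
SAMPLE_RULES = """\
# Scan detection rules (constructed excerpt)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE SCAN Nmap SYN scan"; flags:S; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE SCAN Nmap OS detection probe"; sid:9000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"EXAMPLE SCAN SNMP sweep"; sid:9000003; rev:1;)
# drop tcp any any -> $HOME_NET any (msg:"EXAMPLE SCAN NMAP XMAS scan"; flags:FPU; sid:9000004; rev:2;)
"""

# A rule line starts with an action; a leading '#' means it ships disabled.
RULE_RE = re.compile(r"^(?P<off>#\s*)?(?P<action>alert|drop|reject|pass)\s.*\(.*\)$")
MSG_RE = re.compile(r'msg:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


def parse_rules(text):
    """Return one dict per rule line, skipping plain comments and blanks."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        msg, sid = MSG_RE.search(line), SID_RE.search(line)
        if not (msg and sid):
            continue  # malformed rule: no msg or sid to report
        rules.append({"enabled": m.group("off") is None,
                      "action": m.group("action"),
                      "sid": int(sid.group(1)),
                      "msg": msg.group(1)})
    return rules


def disabled_matching(text, keyword):
    """(sid, msg) of disabled rules whose msg contains keyword, any case."""
    return [(r["sid"], r["msg"]) for r in parse_rules(text)
            if not r["enabled"] and keyword.lower() in r["msg"].lower()]


if __name__ == "__main__":
    for sid, msg in disabled_matching(SAMPLE_RULES, "nmap"):
        print(f"disabled  sid={sid}  {msg}")
```

The reported SIDs are the candidates to review and enable in the IPS rule selection; the script only reads the text and changes nothing.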