Hey there, tech folks! As a part of our tech community, we're giving homelabbers and tech enthusiasts a free community version of ELLIO: IP Feed for non-commercial use. Enjoy!
The Community ELLIO: IP Feed is an external dynamic threat list consisting of known malicious IP addresses anticipated to pose potential threats to your network in the near future. It also includes known benign scanners and IP addresses of actors with unknown intent. Unlike the ELLIO: Threat List, the community version is not tailored to the network inventory of your perimeter.
Download link to the Community ELLIO: IP Feed
ELLIO: IP Feed. An IP blocklist that works
Low false-positive rate of 0.02%
100.000 - 250.000 IP addresses
Automatic updates daily
Report False Positive
If you've come across an IP address that you believe shouldn't be in the ELLIO: IP Feed, let us know! You can report it to fp-report (at) ellio.tech or reach out to us on our community Slack. Thank you for helping us improve!
How ELLIO assists
By using our sensor network, we constantly monitor internet activities and analyze behavioral patterns within them. This enables us to selectively filter and prioritize essential traffic whenever required. We possess the capability to detect and filter both regular and exploit-driven traffic originating from IP addresses, including those that have not been linked to any malicious activities before.
Botnets, which commonly consist of numerous compromised devices with fluctuating IP addresses, can pose challenges for conventional IP filtering techniques. However, dynamic lists offer firewalls the flexibility to adapt their rules and filter traffic by leveraging real-time data, including recognized botnet IPs and behavioral patterns.
For SIEM solution users, we assist in reducing false positives by filtering out random, insignificant internet noise from severe, targeted attacks, while ensuring that authentic traffic remains uninterrupted. This increases the effectiveness of firewall rules and reduces the influx of irrelevant incidents reported to your SIEM solution.
CHANGING IP ADDRESSES
Many attackers aim to avoid getting blacklisted by consistently changing their IP address. Criminals may use multiple addresses, enabling them to switch if one gets blocked. These alterations also increase the difficulty of identifying attackers, resulting in less successful detection.
Attackers commonly leverage massive botnets comprising thousands to millions of compromised end users or IoT devices. These botnets, often rented as a service on the dark web, involve a high volume of frequently changing IP addresses. Traditional IP filtering is ineffective against such attacks.
False positives are a significant challenge. Today's security systems generate too many alerts, making it difficult for teams to identify and respond to actual threats in a timely manner. Approximately a third of all cybersecurity alerts are determined to be false positives, leading to a huge waste of resources to investigate problems that don’t actually exist. Alert overload can quickly cause major problems such as high staff turnover, low productivity, and financial loss.