IP-Level Proxy History Data For Basic Defense in Efficient Cloud Firewalls
Use historical IP address risk intelligence data as a low-latency, basic firewall defense against preventable cyber attacks routed through distributed, open proxy servers.
Explanation
Problem
Hackers coordinate distributed cyber attacks by connecting to open proxy servers that listen for connections on public IP addresses.
Advanced defense solutions using AI, device fingerprinting and user behavior analysis can be effective, but they are inefficient compared to identifying and discarding basic IP-level threats early on.
Solution
GhostProxies manages distributed public IP monitoring systems with connection handshakes to confirm threat levels and recursive scanning intervals to reveal hidden IPs behind open gateway proxy servers.
Integrate the GhostProxies IP address proxy history database into high-performance open network firewalls and web applications as the first line of defense to automatically block the highest-risk traffic.
A risk level 0 IP never revealed an open proxy server to GhostProxies scanners.
A risk level 1 IP revealed an open proxy server to GhostProxies scanners more than 2 weeks ago.
A risk level 2 IP revealed an open proxy server to GhostProxies scanners less than 2 weeks ago.
Spotlight
174.64.199.82: A High-Risk IP Address
An open SOCKS proxy server forwarded an unauthenticated connection from the gateway IP 174.64.199.82 on port 4145 through the exit IP 174.64.199.82.
Download
GhostProxies provides a link to a highly compressed, up-to-date zip file containing a minimal database, with each a.b.c.d IP stored in an /a/b/c/d/ directory.
For example, the directory for 10.9.8.7 would be /10/9/8/7/.
The default rate limit is 20 downloads per subscription per hour.
The database contains an f file for each first confirmed proxy, and an l file for each last confirmed proxy.
Each f and l file contains data formatted as timestamp-port-protocol-listening_ip.
timestamp is the 10-digit Unix timestamp of the confirmed proxy connection.
port is the gateway proxy port as a positive number less than 65536.
protocol is either h for HTTP or s for SOCKS.
listening_ip is the listening IP that initially forwarded the proxy connection. When the listening IP is the same as the confirmed proxy IP, the data format is timestamp-port-protocol.
For example, the IP data for a new confirmed HTTP proxy directly on 10.9.8.7 using port 80 would be 1740080716-80-h. The full path to the database file would be /ghostproxies/10/9/8/7/l.
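The record format and risk levels described above can be checked with a short lookup routine; this is an added example, not GhostProxies code. The function names and the root argument (the directory the zip was extracted to) are hypothetical, and it assumes the l file holds one record per line and that the newest l timestamp decides between risk level 1 and 2.

```python
import ipaddress
from pathlib import Path

TWO_WEEKS = 14 * 24 * 3600
PROTOCOLS = {"h": "HTTP", "s": "SOCKS"}


def parse_record(record, proxy_ip):
    """Parse one timestamp-port-protocol[-listening_ip] record for proxy_ip."""
    parts = record.strip().split("-", 3)
    if len(parts) < 3:
        raise ValueError(f"too few fields: {record!r}")
    ts, port, proto = parts[:3]
    if len(ts) != 10 or not ts.isdigit():
        raise ValueError(f"bad timestamp: {ts!r}")
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port: {port!r}")
    if proto not in PROTOCOLS:
        raise ValueError(f"bad protocol: {proto!r}")
    # A record without listening_ip means the proxy listens on proxy_ip itself.
    listening = parts[3] if len(parts) == 4 else proxy_ip
    return {
        "timestamp": int(ts),
        "port": int(port),
        "protocol": PROTOCOLS[proto],
        "listening_ip": str(ipaddress.IPv4Address(listening)),
    }


def ip_dir(root, ip):
    """Map a.b.c.d to root/a/b/c/d; strict parsing rejects path tricks."""
    return Path(root, *str(ipaddress.IPv4Address(ip)).split("."))


def risk_level(root, ip, now):
    """Return 0, 1 or 2 using the newest record in the IP's l file."""
    last_file = ip_dir(root, ip) / "l"
    if not last_file.is_file():
        return 0  # no confirmed proxy on record
    lines = [ln for ln in last_file.read_text().splitlines() if ln.strip()]
    # Assumption: one record per line; an empty file raises ValueError.
    newest = max(parse_record(ln, ip)["timestamp"] for ln in lines)
    # Assumption: an age of exactly two weeks counts as level 1.
    return 2 if now - newest < TWO_WEEKS else 1
```

Validating the client address with ipaddress before building the path keeps a malformed or hostile value from steering the lookup outside the database directory.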
Subscribe for $99 per month to receive a download link within 24-48 hours.
Search
Look up a specific IP to reveal a haunted past of high-risk open proxy activity.