The DShield blocklist is an invaluable resource for any information security shop. I’m sure most of you in infosec are already aware of it, but just in case…
DShield maintains a “block” list of networks that have exhibited suspicious activity and that that you might consider blocking.
It even includes a script that can automatically update
iptables with the updated blacklist.