IPv64 Blocker Nodes - Integration Guide

IPv64 Blocker Nodes are the central tool for the v64 blocklist. You can also contribute to the list with the services you offer on the Internet. There are several different ways to collect this information and report it to the IPv64 system.

still under development

Share your Blocker-Node information via IPv64 API

Reporting IPs via the API

IPv64 API Url: https://ipv64.net/api

API Authentication
Bearer Token: Your Account API Key/Token (Option 1) Basic Auth Base64: {xyz}:{apikey} - Your Account API Key/Token (Option 2) apikey|token:[GET|POST] - Your Account API Key/Token (Option 3)

Send single poisoned IP

[POST] HTTPs Request


				blocker_id: Send Blocker ID to assign it to you (optional)

				report_ip: Report poisened IP (Format IPv4 / IPv6) (required)

				port: You can specify the destination port if possible (optional)

				category: Select a category to assign this message (optional)

				info: You can add additional information (optional)

Send List of poisoned IP

[POST] HTTPs Request


				blocker_id: Send Blocker ID to assign it to you (optional)

				report_ip_list: Report poisened IP (json) (required)

JSON Format for: report_ip_list


					{"ip_list":[

					    {

						     "ip":"1.2.3.4",

						     "category":"55",

						     "info":"66"

						     "port":"22"

					    },

					    {

						     "ip":"5.6.8.7",

						     "category":"11",

						     "info":"22"

						     "port":"80"

					    }]

				}

List of categories for reporting

1: SSH, 2: HTTPs, 3: Mail, 4: FTP, 5: ICMP, 6: DoS, 7: DDoS, 8: Flooding, 9: Web, 10: Malware, 11: Bots, 12: TCP, 13: UDP,

Liste ist noch fertig.

Preconfigured implementations for Blocker Nodes

Report your Fail2Ban information

Fail2ban is already a great tool to block unwanted access, but this information is not shared. With this script this information can be shared with the IPv64 database.
You can then track the shared information in your IPv64 dashboard.

Fail2Ban - v64 Blocker Node Guide (Thinker Script)

Report your crowdsec incidents

Crowdsec is next to Fail2ban another spiky tool to detect unauthorized accesses and then store them in a ban list. Crowdsec reports like IPv64 these IP addresses to a central place. IPv64 can also make good use of this information.

Crowdsec - How to Share Crowdsec informations

Track down more attackers

Tools like Crowdsec or Fail2ban do not detect internet criminals in their entirety. There are other suspicious Internet activities that should be blocked. These include port scans, ICMP flooding, SYN attacks and many other nasty connections. You can report anything that seems unsafe to you to the IPv64 Blocklist system.

Detect malicious network traffic with Mikrotik
Detect malicious traffic with NFTables/IPTables
Report DDoS attacks

User created detection and reporting scripts

Here is a list of scripts and detection methods from IPv64 community members. As mentioned several times, there are countless methods and approaches to detect malicious network traffic and the community at large knows best what to do.

User Script #01 (Github)
User Script #02 (Github)

First Level Firewall Blocklist with IPv64.net

The first blocklist which blocks not only false logins and brute force attacks. Share your experience with others in the community and benefit from the decentralized work.