Re: How to auto-ban access from certain IP addresses?



On Tue, 28 Mar 2006, in the Usenet newsgroup linux.redhat, in article
<APWdnQgQTqyyzLTZnZ2dnUVZ_v-dnZ2d@xxxxxxxxxxx>, dnoyeB wrote:

It's a good idea but typically these come from Asia and the numbers
change about twice a month. I've written over spam as well as attacks
and never met a person that gave a ***, even when they have an abuse
address associated with the IP block...

Very true - another problem being that there are a large number of
address ranges where it comes from. You can't just block on a domain
name, because (for example) China rarely bothers setting up PTR records
which means you can't resolve 61.174.10.100 to "mumblefritz.cn" even
though 61.174.0.0/15 is CHINANET-ZJ (Zhejiang province network).

One solution - hinted in my other reply - is to just block the whole
thing. You could use the tactical nuclear version of the firewall - blocking
58.0.0.0/2, 60.0.0.0/2, 120.0.0.0/5, 202.0.0.0/7, 210.0.0.0/7, 218.0.0.0/7
and 220.0.0.0/6 is going to knock out a lot of Asia (collateral damage?
wazzat?), but not all of it. Looking at the first octet of CN domains,

[compton ~]$ grep CN stats/APNIC | cut -d' ' -f2 | cut -d'.' -f1 | sort -un |
column
58 61 134 162 168 202 211 220
59 124 159 166 192 203 218 221
60 125 161 167 198 210 219 222
[compton ~]$

Old guy
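
An added example, not part of the original post: turning per-country registry allocations into exact CIDR blocks for a deny list, instead of keying on the first octet. It assumes APNIC's pipe-delimited delegated-stats layout (registry|cc|type|start|count|date|status), not the poster's local stats/APNIC file, whose format is not shown; the sample lines and function names are constructed.

```python
import ipaddress

# Constructed sample in the assumed delegated-stats layout; values are made up.
SAMPLE = """\
# constructed sample, not real registry data
2|apnic|20060328|5|19830613|20060327|+1000
apnic|*|ipv4|*|4|summary
apnic|CN|ipv4|61.174.0.0|65536|20010101|allocated
apnic|CN|ipv4|61.175.0.0|65536|20010101|allocated
apnic|JP|ipv4|61.192.0.0|65536|20010101|allocated
apnic|CN|ipv4|203.0.113.0|768|20010101|assigned
apnic|CN|ipv6|2001:db8::|32|20010101|allocated
"""


def country_cidrs(stats_text, cc):
    """Return the collapsed IPv4 networks delegated to country code cc."""
    nets = []
    for line in stats_text.splitlines():
        fields = line.split("|")
        # Skip comments, the version header, summary lines, other countries
        # and IPv6 records (their count field is a prefix length, not a size).
        if line.startswith("#") or len(fields) < 7:
            continue
        if fields[1] != cc or fields[2] != "ipv4":
            continue
        first = ipaddress.IPv4Address(fields[3])
        last = first + int(fields[4]) - 1
        # The count is a number of addresses and need not be a power of two,
        # so one record can expand to several CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent blocks so the firewall gets the shortest possible list.
    return list(ipaddress.collapse_addresses(nets))


def is_covered(addr, nets):
    """True if addr falls inside any of the networks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in nets)


def first_octets(nets):
    """Distinct first octets, the view the shell pipeline above prints."""
    return sorted({net.network_address.packed[0] for net in nets})


if __name__ == "__main__":
    for net in country_cidrs(SAMPLE, "CN"):
        print(net)
```
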