[XCSSA] [SATLUG] testing?
X-otic Computer Systems of San Antonio
xcssa at xcssa.org
Sat Aug 29 10:53:05 CDT 2009
I don't know if this is what you are talking about, but I found a site
that gives you a script to add netblocks to your iptables to drop
packets from the China and Korea netblocks.
www.okean.com/antispam/iptables/iptables.html
I tried looking at it just now and there's no response, so I'm wondering
if they are being attacked.
Tom King
X-otic Computer Systems of San Antonio wrote:
> On Friday 28 August 2009 12:16:34 am Bruce Dubbs wrote:
> [...]
>>> Yeah.. Bruce has been known to block entire class-A blocks with iptables
> >>> because he doesn't like your ISP's nationality... hehe..
>> Not exactly right. It is because of behavior from clients of ISPs in some
> >> places. Besides, it's continents, not countries. e.g. RIPE, APNIC,
>> AfriNIC, LACNIC.
>> http://www.iana.org/assignments/ipv4-address-space/
>
> Those groups of /8 blocks are assigned to the continental registries yes
> Bruce, but the individual /8 blocks are then broken up and divvied out to the
> various countries in that region.
>
> But to keep things educational... (cross posting to XCSSA)...
> For those interested in this stuff, a good way to block entire countries is by
> doing ISO country code-->IP-block lookups, as you can do from here:
> http://ip.ludost.net/
>
> And then block very specific "seedy" parts of the nets (where all the bot nets,
> scans and phishing spam comes from). For example.. look up the IP blocks for
> ru ko cn and iptable block those sources on specific (or blanket) ip blocks..
> like this:
> -A INPUT --source $IP-BLOCK-1 -p tcp -m tcp --dport 25 -j REJECT
> -A INPUT --source $IP-BLOCK-1 -p tcp -m tcp --dport 22 -j REJECT
> -A INPUT --source $IP-BLOCK-1 -p tcp -m tcp --dport 80 -j REJECT
> -A INPUT --source $IP-BLOCK-2 -p tcp -m tcp --dport 25 -j REJECT
> -A INPUT --source $IP-BLOCK-2 -p tcp -m tcp --dport 22 -j REJECT
> -A INPUT --source $IP-BLOCK-2 -p tcp -m tcp --dport 80 -j REJECT
> ...
> -A INPUT --source $IP-BLOCK-56 -p tcp -m tcp --dport 25 -j REJECT
> -A INPUT --source $IP-BLOCK-56 -p tcp -m tcp --dport 22 -j REJECT
> -A INPUT --source $IP-BLOCK-56 -p tcp -m tcp --dport 80 -j REJECT
>
> etc.. OR the "cool kid" way is to install and run the iptables kernel support
> (and related files) for "geoip" for doing IP blocking based on specific
> country codes, and then do it like THIS:
> -A INPUT -p tcp --dport 25 -m geoip --src-cc CN,RU,KO -j REJECT
> -A INPUT -p tcp --dport 22 -m geoip --src-cc CN,RU,KO -j REJECT
> -A INPUT -p tcp --dport 80 -m geoip --src-cc CN,RU,KO -j REJECT
>
> Fun stuff...
>
> Anyone running a setup like this.. or a tarpit?
>
> If so.. please share. :)
>
> Tweeks
> _______________________________________________
> XCSSA mailing list
> XCSSA at xcssa.org
> http://xcssa.org/mailman/listinfo/xcssa
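An added example, not part of the original messages: a small generator for the per-netblock rules quoted above. It validates each CIDR, merges overlapping or adjacent blocks so fewer rules are emitted, and refuses any block that would cover a range you must keep reachable. The function name, the never_block list and the sample ranges (RFC 5737 documentation networks) are assumptions made for illustration.

```python
import ipaddress

PORTS = (25, 22, 80)  # the ports used in the rules quoted above

# Constructed sample input: one CIDR per line, comments allowed.
SAMPLE = """
# constructed list, RFC 5737 documentation ranges only
198.51.100.0/25
198.51.100.128/25      # adjacent to the line above, merges into a /24
203.0.113.0/24
203.0.113.64/26        # already covered by the /24, dropped
"""

def build_rules(cidr_lines, never_block, ports=PORTS):
    """Return iptables-restore style REJECT rules for a list of IPv4 netblocks.

    Raises ValueError for malformed CIDRs (including host bits set) and for
    any block that overlaps a network in never_block (lockout protection).
    """
    protected = [ipaddress.IPv4Network(n) for n in never_block]
    nets = []
    for raw in cidr_lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.IPv4Network(line)  # strict: rejects 10.0.0.1/8 style typos
        for keep in protected:
            if net.overlaps(keep):
                raise ValueError(f"{net} overlaps protected network {keep}")
        nets.append(net)
    rules = []
    # collapse_addresses merges adjacent and nested blocks and sorts the result
    for net in ipaddress.collapse_addresses(nets):
        for port in ports:
            rules.append(
                f"-A INPUT --source {net} -p tcp -m tcp --dport {port} -j REJECT"
            )
    return rules

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for a management network (assumption).
    for rule in build_rules(SAMPLE.splitlines(), ["192.0.2.0/24"]):
        print(rule)
```

The output is in the same rule format as the quoted message, so it can be reviewed by eye before being loaded.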