On Mon, Jun 04, 2001 at 08:48:42PM +0200, Michelle Konzack wrote: > Am 23:53 03.06.2001 +0200 hat Alson van der Meulen geschrieben: > > > >On Sun, Jun 03, 2001 at 09:09:02PM +0200, Michelle Konzack wrote: > >> Hello back, > > >just nullroute aol, you won't miss much interesting traffic that way > >;) > > Cool idea... > > >btw: 172.16.0.0-172.32.255.255 are non-routable ip's, so i guess > >they're outside that range? > > I do not know, where the beginning is, but at ARIN I have gotten > the information that AOL use IP's up to 172.192.255.255.
alm:~$ whois 172.16.0.0 IANA (IANA-BBLK-RESERVED) Internet Assigned Numbers Authority 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292-6695 US Netname: IANA-BBLK-RESERVED Netblock: 172.16.0.0 - 172.31.255.255 this range is reserved for private, site local use > > >you could use something like snort and nullroute the ip's if snort > > What is snort ? - Never heared. www.snort.org for more info, or apt-get install snort apt-cache show snort to see a description snort is a network intrusion detection system, can detect attacks and stuff, there are some tools that can add an ipchains deny rule if an alert is raised. look at snort.org, i guess it's in the contrib section > > >gives an alert, but are you sure they're not ip spoofing? > > I have made a reverse lookup to the IP's. they can sometimes spoof the source ip... it can be quite painful if they spoof the ip so some other host will be blocked, i.e. your isp's gateway, or even 127.0.0.1 if you don't use rp_filter ;) Cheers, Alson -- ,-------------------------------------------. > Name: Alson van der Meulen < > Personal: [EMAIL PROTECTED] < > School: [EMAIL PROTECTED] < `-------------------------------------------' Nobody was using that file /vmunix, were they? ---------------------------------------------