On 12/25/2015 06:18 AM, Mike Hammett wrote:
> To the thread, not necessarily Daniel, if blocking
> countries\continents is a bad thing (not saying I disagree), how do
> you deal with the flood of trash? Just take it on the chin?
>
> The degree of splash damage by blocking this way will vary based
> upon what kind of network you are. Residential eyeballs? You could
> probably block most of a lot of things and people wouldn't notice
> or care, as long as it wasn't Google, Facebook, Netflix, etc.

In my networks, different users have different requirements. So I have
to be careful in my ACLs to allow what they need, while reducing access
by those who view the Internet as a sewer, and not as a privilege. (Used
to be a BOFH in the NSF days.)

So my blocking list has grown, as I have identified bad actors from the
information in my logs. Keeping in mind that people with one bad habit
will most likely have other bad habits as well, I keep it simple: if you
don't play nice, you are blocked at the demarc.

For the majority of my users, I provide access behind a router with
the block list shown below. For those customers who want an unblocked
feed, I provide that by having the edge bypass the filtering router. (No
one has asked yet for custom filters -- 1841s are cheap and easy, and
don't take much power.)

I don't intend to provide this list for others to use. I provide this
list as an example of how I exercise my right of Internet Freedom of
Association, and keep my own network safe from intruders. Abuse reports?
I've given up on them, frankly. My logs don't include enough
information for some admins, so they drop my reports without further
comment. When there is an admin listed.

The nice thing about IPTABLES is that I can pull a report, if I want to,
of which of these blocks are still generating traffic. As we go farther
down the IPv4-split road, I may just set up a database of the blocks,
and monitor the traffic to see which ones have gone silent and thus can
be removed. Or not -- that's a lot of work and time, both of which I
can direct to activities that bring in revenue.
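
Added example, not part of the original message and not the poster's own tooling: one way to produce the "which blocks have gone silent" report the message describes, by matching an annotated block list against iptables per-rule packet counters. The chain name, the function names and both sample inputs are assumptions constructed for illustration (documentation prefixes only).

```python
import ipaddress

# Constructed sample of `iptables -L FORWARD -n -v -x` output.
# Counters run from the last reboot or `iptables -Z`, so "silent" means
# "no packets matched since then".
SAMPLE_COUNTERS = """\
Chain FORWARD (policy ACCEPT 90210 packets, 48151623 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4182   250920 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
       0        0 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
      17     1020 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
"""

# Constructed block list in a "prefix  note  year month" layout.
SAMPLE_BLOCKLIST = """\
192.0.2.0/24 example-host spam 2015 January
198.51.100.241/24 example ssh abuser 2015 April
203.0.113.7 example ssh 2015 September
"""


def parse_counters(text):
    """Map each DROP rule's source network to its packet counter."""
    hits = {}
    for line in text.splitlines():
        f = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination
        if len(f) >= 9 and f[0].isdigit() and f[2] == "DROP":
            net = ipaddress.ip_network(f[7], strict=False)
            hits[net] = hits.get(net, 0) + int(f[0])
    return hits


def parse_blocklist(text):
    """Yield (network, note). Host bits are masked off, as iptables does
    when a rule is added, so 198.51.100.241/24 matches 198.51.100.0/24."""
    for line in text.splitlines():
        if line.strip():
            prefix, _, note = line.strip().partition(" ")
            yield ipaddress.ip_network(prefix, strict=False), note.strip()


def silent_blocks(blocklist_text, counters_text):
    """Return entries whose rule is installed and has counted zero packets."""
    hits = parse_counters(counters_text)
    return [(str(net), note) for net, note in parse_blocklist(blocklist_text)
            if hits.get(net) == 0]


if __name__ == "__main__":
    for net, note in silent_blocks(SAMPLE_BLOCKLIST, SAMPLE_COUNTERS):
        print(f"no hits since counters were zeroed: {net}  ({note})")
```

Entries with no installed rule at all are not reported as silent, because a missing rule and a rule with a zero counter call for different follow-up.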