Re: adm and address blocking
On Tue, 16 Sep 2003, Thomas M. Albright wrote: > Additionally, i've been getting attacked from ipt.aol.com. They own the > address range from 172.128.0.0 - 172.211.255.255 What would be the > netmask to block a range like that? 172.128.0.0/8 would block the entire > class B, right? 172.128.0.0/8 would select the entire class A, and would be essentially the same as 172.0.0.0/8, AFAICT - the mask is 8 bits long, encompassing therefore the first number in "dotted-quad" notation. A B network would have a 16-bit netmask. The range you describe is actually comprised of an amalgam of subnets of the 172.0.0.0 network, and in order to block exactly those addresses (and not inadvertently block any others, due to an overly-broad specification), you'll need to separate them out and block them individually. Network/MaskRange 172.128.0.0/10 172.128.0.0-172.191.255.255 172.192.0.0/12 172.192.0.0-172.207.288.255 172.208.0.0/14 172.208.0.0-172.211.255.255 HTH! -- Bill Mullen [EMAIL PROTECTED] MA, USA RLU # 270075 MDK 8.1 & 9.0 "Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done." - Andy Rooney ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
RE: adm and address blocking
On Tue, 16 Sep 2003, Travis Roy wrote: > > I find amusing that the adm account on this machine has a mailbox full > > of spam. Amusing tho it may be, how can I stop it from happening? > > You can use some kind of spam blocking software. Anything from spamassassin > to a white-list style. > What if I chmod /var/spool/mail/adm to ? > > Additionally, i've been getting attacked from ipt.aol.com. They own the > > address range from 172.128.0.0 - 172.211.255.255 What would be the > > netmask to block a range like that? 172.128.0.0/8 would block the entire > > class B, right? > > While blocking a whole range is what a lot of people I know do, I wouldn't, > even more so if it's AOL. Eventually you will know somebody that uses AOL, > or if you have users on your system they will know somebody that uses AOL. > This isn't about spam, this is attacks trying to break in. (Usually through port 1080.) Nor is this going to block all (or even most) of aol. This is just to keep *.ipt.aol.com away from me. Note: just ipt, not mx or any other aol thing. Spam I can filter, attacks I just kill. -- TARogue (Linux user number 234357) There are 10^11 stars in the galaxy. That used to be a huge number. But it's only a hundred billion. It's less than the national deficit! We used to call them astronomical numbers. Now we should call them economical numbers. -Richard Feynman, physicist, Nobel laureate (1918-1988) ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
RE: adm and address blocking
> I find amusing that the adm account on this machine has a mailbox full > of spam. Amusing tho it may be, how can I stop it from happening? You can use some kind of spam blocking software. Anything from spamassassin to a white-list style. > Additionally, i've been getting attacked from ipt.aol.com. They own the > address range from 172.128.0.0 - 172.211.255.255 What would be the > netmask to block a range like that? 172.128.0.0/8 would block the entire > class B, right? While blocking a whole range is what a lot of people I know do, I wouldn't, even more so if it's AOL. Eventually you will know somebody that uses AOL, or if you have users on your system they will know somebody that uses AOL. I use a combo of spamassassin and some postfix rules to block stuff (basically unreadable emails, emails with ADV: in them, or stuff about enlarging parts of ones body get dumped by postfix.. Everything else gets dumped by spam assassin). Unless you use the whitelist approach you will probably never block all spam. ___ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss