RE: Need BOGIES list
>>
>> I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed
>> for APNIC (Asia-Pacific Network Information Center) to get the following
>> list. For the church email site that I support I block wholesale /8 IP
>> address ranges. I assume that for our church we will never get email
>> from an APNIC site.
>>
>
> *snip*
>
> Great, if you intend to never correspond with 202/8, 203/8 and 210/8 you
> just nuked most of New Zealand and a lot of Australia at the same time.
>
> You might find that being a _tad_ more specific is useful. Believe it or
> not, there's a lot of legit business conducted between Australasia and the
> rest of the world...
>
> Mark.
>

Sorry for replying again, but a quick google revealed this:

http://www.okean.com/asianspamblocks.html

(note the paragraph recommending not blocking greater than /16 at a time)

And more specifically:

http://www.okean.com/china.html

This is probably what you're after, if you wish to block only China.

Mark.

RE: Need BOGIES list
>
> I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed
> for APNIC (Asia-Pacific Network Information Center) to get the following
> list. For the church email site that I support I block wholesale /8 IP
> address ranges. I assume that for our church we will never get email
> from an APNIC site.
>

*snip*

Great, if you intend to never correspond with 202/8, 203/8 and 210/8 you
just nuked most of New Zealand and a lot of Australia at the same time.

You might find that being a _tad_ more specific is useful. Believe it or
not, there's a lot of legit business conducted between Australasia and the
rest of the world...

Mark.

(Who has historically had a LOT of trouble convincing some providers that
denying comms with New Zealand is a good way to get a whole nation up in
arms, especially if you're a big name telco in the US who is dropping IP
from a big name telco here...)

RE: Need BOGIES list
I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed
for APNIC (Asia-Pacific Network Information Center) to get the following
list. For the church email site that I support I block wholesale /8 IP
address ranges. I assume that for our church we will never get email
from an APNIC site.

    058/8   Apr 04   APNIC   (whois.apnic.net)
    059/8   Apr 04   APNIC   (whois.apnic.net)
    060/8   Apr 03   APNIC   (whois.apnic.net)
    061/8   Apr 97   APNIC   (whois.apnic.net)
    124/8   Jan 05   APNIC   (whois.apnic.net)
    125/8   Jan 05   APNIC   (whois.apnic.net)
    126/8   Jan 05   APNIC   (whois.apnic.net)
    202/8   May 93   APNIC   (whois.apnic.net)
    203/8   May 93   APNIC   (whois.apnic.net)
    210/8   Jun 96   APNIC   (whois.apnic.net)
    211/8   Jun 96   APNIC   (whois.apnic.net)
    218/8   Dec 00   APNIC   (whois.apnic.net)
    219/8   Sep 01   APNIC   (whois.apnic.net)
    220/8   Dec 01   APNIC   (whois.apnic.net)
    221/8   Jul 02   APNIC   (whois.apnic.net)
    222/8   Feb 03   APNIC   (whois.apnic.net)

Here is my procmail recipe if that helps:

    # Discard any message with a Received: header whose bracketed IP
    # starts with one of the /8 prefixes listed above.
    :0 H
    * ^Received:.*\[(58\.|59\.|60\.|61\.|\
    124\.|125\.|126\.|\
    202\.|203\.|\
    210\.|211\.|\
    218\.|219\.|\
    220\.|221\.|222\.)
    /dev/null

...Kevin O'Neil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geoff White
Sent: Wednesday, July 06, 2005 2:50 PM
To: nanog@merit.edu
Subject: Need BOGIES list

Hello All.
I'm having trouble with Cracking Attempts and DoS attacks from a lot of
places in China :)
My client doesn't do any business in that region so they don't mind If I
block the entire sub-continent :)
Does anyone have a bad-guy list (or part of one) that I can use to get
started?
I'm using pf under OpenBSD 3.7 as a firewall box.
E-mailing me off line is fine

geoffw

Re: Need BOGIES list
On Wed, 6 Jul 2005, Geoff White wrote:

> Hello All.
> I'm having trouble with Cracking Attempts and DoS attacks from a lot of
> places in China :)
> My client doesn't do any business in that region so they don't mind If I
> block the entire sub-continent :)
> Does anyone have a bad-guy list (or part of one) that I can use to get
> started?
> I'm using pf under OpenBSD 3.7 as a firewall box.

IP blocks allocated to organizations in various countries (updated daily):
http://www.completewhois.com/statistics/data/ips-bycountry/rirstats/

Configuring firewall (openbsd way on the bottom, replace bogon example
with appropriate other list you want):
http://www.completewhois.com/bogons/using_bogon_lists.htm#firewall_examples

CIDR -> firewall scripts for some systems (not needed for openbsd which
accepts cidr ip block list directly with pf):
http://www.completewhois.com/bogons/data/scripts/

P.S. Still looking for somebody to document and if necessary provide
scripts on how to do it with netbsd, aix, hpux. Volunteers?
(and I'll do solaris myself if I ever get around to it...)

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

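Added example, not part of the original thread or of any poster's scripts: a POSIX shell filter that vets a CIDR list before pf loads it, rejecting malformed lines and anything broader than /16, the limit recommended by the okean.com page cited earlier in the thread. The table name `blocked`, the path `/etc/pf.blocked` and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): vet a CIDR list before pf loads it.
# Assumed pf.conf lines; table name "blocked" and the path are hypothetical:
#   table <blocked> persist file "/etc/pf.blocked"
#   block in quick from <blocked>

MIN_PREFIX=16   # nothing broader than /16, per the advice cited in the thread

# filter_cidrs: CIDR list on stdin -> accepted entries on stdout,
# rejected entries (with the reason) on stderr.
filter_cidrs() {
    awk -v min="$MIN_PREFIX" '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip comments, trim
    $0 == "" { next }
    {
        ok = (split($0, p, "/") == 2 && p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32)
        if (ok && split(p[1], o, ".") != 4) ok = 0
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9]+$/ && o[i] + 0 <= 255)
        if (!ok)                 print "malformed: " $0 > "/dev/stderr"
        else if (p[2] + 0 < min) print "too broad: " $0 > "/dev/stderr"
        else                     print $0
    }'
}

# Constructed sample list (documentation ranges plus 202/8 from the thread).
SAMPLE_LIST='# constructed sample, not real allocation data
202.0.0.0/8
203.0.113.0/24   # documentation range inside 203/8
198.51.100.0/24
192.0.2.300/24
198.18.0.0/15'

printf '%s\n' "$SAMPLE_LIST" | filter_cidrs
```

With those assumed names, the filtered output would be written to `/etc/pf.blocked` and loaded with `pfctl -t blocked -T replace -f /etc/pf.blocked`.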
Re: Need BOGIES list
On 7/6/05, Geoff White <[EMAIL PROTECTED]> wrote:
>
> Hello All.
> I'm having trouble with Cracking Attempts and DoS attacks from a lot of
> places in China :)
> My client doesn't do any business in that region so they don't mind If I
> block the entire sub-continent :)
> Does anyone have a bad-guy list (or part of one) that I can use to get
> started?
> I'm using pf under OpenBSD 3.7 as a firewall box.
> E-mailing me off line is fine
>
>
> geoffw
>
>
>

DShield is a good one.
http://www.dshield.org/block_list_info.php

--
Mark Owen

Re: Need BOGIES list
On Wed, 6 Jul 2005, Geoff White wrote:

>
> Hello All.
> I'm having trouble with Cracking Attempts and DoS attacks from a lot of
> places in China :)
> My client doesn't do any business in that region so they don't mind If I
> block the entire sub-continent :)
> Does anyone have a bad-guy list (or part of one) that I can use to get
> started?
> I'm using pf under OpenBSD 3.7 as a firewall box.

data from blackholes.us may be useful. As luck would have it, I can't
load their web page at the moment.

--
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: Need BOGIES list
You might start with blacklists. There's a lot of them out there.
http://ahbl.org is one of them.

Geoff White <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07/06/2005 02:49 PM
To: nanog@merit.edu
cc:
Subject: Need BOGIES list

Hello All.
I'm having trouble with Cracking Attempts and DoS attacks from a lot of
places in China :)
My client doesn't do any business in that region so they don't mind If I
block the entire sub-continent :)
Does anyone have a bad-guy list (or part of one) that I can use to get
started?
I'm using pf under OpenBSD 3.7 as a firewall box.
E-mailing me off line is fine

geoffw