RE: directpc.com question... (deals with pf... )
Just wondering if anyone's ran into this before and has their IP blocks... -Original Message- From: jolan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 11:51 PM To: Shawn Mitchell Cc: [EMAIL PROTECTED] Subject: Re: directpc.com question... (deals with pf... ) On Wed, Dec 18, 2002 at 11:00:17PM -0600, Shawn Mitchell wrote: If the user wants to use their sat connection, you have to do one of two things. 1) know their IP Addresses that they give to their users. 2) don't block spoofed packets and hope a hacker dosn't take over one of your customers machines/servers and turn it into a zombe... Does everyone understand how those one way sat connections works now? I thought they had their own dial-up service to make this more manageable, or at least a proxy of some sort. Well, you have all the information on your end. I don't see how we can help you. Good luck. - jolan
RE: directpc.com question... (deals with pf... )
Anyone know what IP Addresses directpc.com uses? Directpc.com209.61.131.171 Trying 209.61.131 at ARIN OrgName:Rackspace.com OrgID: RSPC NetRange: 209.61.128.0 - 209.61.191.255 CIDR: 209.61.128.0/18 NetName:RSPC-NET-2 NetHandle: NET-209-61-128-0-1 Parent: NET-209-0-0-0-0 NetType:Direct Allocation NameServer: NS.RACKSPACE.COM NameServer: NS2.RACKSPACE.COM Comment: RegDate:2000-06-05 Updated:2000-09-05 TechHandle: ZR9-ARIN TechName: Rackspace, com TechPhone: +1-210-892-4000 TechEmail: [EMAIL PROTECTED] OrgAbuseHandle: ABUSE45-ARIN OrgAbuseName: Abuse Desk OrgAbusePhone: +1-210-892-4000 OrgAbuseEmail: [EMAIL PROTECTED] OrgTechHandle: IPADM17-ARIN OrgTechName: IPADMIN OrgTechPhone: +1-210-892-4000 OrgTechEmail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Re: directpc.com question... (deals with pf... )
On Wed, Dec 18, 2002 at 08:09:15PM -0600, Shawn Mitchell wrote: That's why I'm blocking those Winblows ports...I know what they are.. but it's just the pure number of full network scans attempted. well, that's what worms do. i can't say i'm surprised. I'm not talking about their website IP Address... your correct in that they have a modem for upstream, and that dish for downstream. i'm not talking about their website ip address either... If a packet with a source address that is not one of my IP Addresses or on RFC1918 tries to leave my internet interface... it's killed... I do that on purpose as I don't want broadband users having their machines turned to zombies, or their 12 year old kid finding a cool script. uh. how does this tie in with direcpc users? are direcpc users using your dial-up service for their upstream? Their site say's Earthlink... but they say their an Ecorp company or something... ecorp could be earthlink corporation... What happens if they are using RFC1918 addresses? I've been seeing a LOT of 10 dot traffic trying to exit... and also hit my DNS servers. they should be using direcpc's dial-up service, not yours. If their using 10 dot addresses (which is stupid), I'm ok with allowing it... IF I know all the places that it's suppose to goto. uh. how is it supposed to get delivered? most places drop packets destined for private networks. It just pisses me off when you spend an hour on their tech support line, and they say We can't give you those addresses for security reasons I'm just like.. ok.. my network.. I see all the traffic anyway... After that, he kept telling me that No, we're not blocking anything me: No, I need to know your IP Address's Blocks. They'll be something like a 1.2.3.4/20 or something like that him: No, we're not blocking any ip addresses if you see all the traffic, then do a lookup on arin.net to find the blocks allocated to them..? - jolan
Re: directpc.com question... (deals with pf... )
On Wed, Dec 18, 2002 at 11:00:17PM -0600, Shawn Mitchell wrote: If the user wants to use their sat connection, you have to do one of two things. 1) know their IP Addresses that they give to their users. 2) don't block spoofed packets and hope a hacker dosn't take over one of your customers machines/servers and turn it into a zombe... Does everyone understand how those one way sat connections works now? I thought they had their own dial-up service to make this more manageable, or at least a proxy of some sort. Well, you have all the information on your end. I don't see how we can help you. Good luck. - jolan