Re: Re[2]: Connection attempts

From: Michael S Scheidell (scheidell@Cerintha.com)
Date: 04/25/01


Date: Wed, 25 Apr 2001 08:04:38 -0400 (EDT)
From: Michael S Scheidell <scheidell@Cerintha.com>
To: freebsd-security@freebsd.org


>
> You should see my intrusion database... 93% from Korea, Taiwan and
> the likes. The rest from interesting places such as Hungaria. There
> is never any response from ISPs. Solution a) grin and bear it (is
> that really a solution though?). Solution b) actively firewall
> connections from these places (blanket bans are never a great idea
> though.)

mynetwatchman has contacts in Korea. there is a 'cert' web site there (i
forget link) but he has contacts at kornet and they host many of the
schools (where the systems are mostly located)

>
> Solution c) anyone?

firewall china at least.
kills spam and if you use stealth mode, harasses spammers all in one step.

#china:
    $fwcmd add deny ip from 61.128.0.0/16 to any in via $oif
    $fwcmd add deny ip from 202.96.0.0/16 to any in via $oif
    $fwcmd add deny ip from 202.107.0.0/16 to any in via $oif
    $fwcmd add deny ip from 211.96.0.0/21 to any in via $oif
    $fwcmd add deny ip from 211.88.0.0/21 to any in via $oif
    $fwcmd add deny ip from 210.72.0.0/22 to any in via $oif
    $fwcmd add deny ip from 159.226.0.0/16 to any in via $oif
    $fwcmd add deny ip from 61.128.0.0/18 to any in via $oif
    $fwcmd add deny ip from 202.64.0.0/18 to any in via $oif
    $fwcmd add deny ip from 210.14.192.0/18 to any in via $oif
    $fwcmd add deny ip from 203.93.0.0/16 to any in via $oif
    $fwcmd add deny ip from 166.111.0.0/15 to any in via $oif
#HK:
# 203.168.128.0 - 203.168.159.255
    $fwcmd add deny ip from 203.168.128.0/19 to any in via $oif

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
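
An added example (not part of the original post): a Python check that reads an ipfw-style deny list and flags prefixes with host bits set, entries already covered by a broader rule, and a prefix that does not match the address range noted in the comment above it. The sample rules are constructed from RFC 1918 space, and `audit` and its finding names are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample rules (RFC 1918 space), shaped like the list in the post.
SAMPLE = """\
$fwcmd add deny ip from 10.128.0.0/16 to any in via $oif
$fwcmd add deny ip from 10.128.0.0/18 to any in via $oif
$fwcmd add deny ip from 10.111.0.0/15 to any in via $oif
# 10.168.128.0 - 10.168.159.255
$fwcmd add deny ip from 10.168.128.0/17 to any in via $oif
"""

RULE = re.compile(r"deny ip from (\d+\.\d+\.\d+\.\d+/\d+) ")
RANGE = re.compile(r"#\s*(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)")

def audit(text):
    """Return a list of (kind, cidr, detail) findings for a deny list."""
    findings, seen, stated = [], [], None
    for line in text.splitlines():
        m = RANGE.search(line)
        if m:  # remember a "# first - last" comment for the next rule
            stated = tuple(ipaddress.ip_address(a) for a in m.groups())
            continue
        m = RULE.search(line)
        if not m:
            continue
        cidr = m.group(1)
        net = ipaddress.ip_network(cidr, strict=False)
        # Host bits set: the written base is not the real start of the block.
        if str(net) != cidr:
            findings.append(("unaligned", cidr, str(net)))
        # Already covered by an earlier, broader rule.
        for prev in seen:
            if net != prev and net.subnet_of(prev):
                findings.append(("redundant", cidr, str(prev)))
        # Prefix does not cover exactly the range stated in the comment.
        if stated:
            want = list(ipaddress.summarize_address_range(*stated))
            if want != [net]:
                findings.append(("range-mismatch", cidr, ", ".join(map(str, want))))
            stated = None
        seen.append(net)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
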


