Re: two attempted break-ins from Hong Kong & Italy

From: Leythos (void_at_nowhere.lan)
Date: 07/06/05


Date: Wed, 06 Jul 2005 00:11:33 GMT

In article <1120605844.133741.323880@g44g2000cwa.googlegroups.com>,
yarmfelder@yahoo.com says...
> Leythos wrote:
>
> > If you were smart, you would have your computer/network protected by a
> > border device
>
> We have a wireless router. It blocks virtually all ports, but not ssh
> since I use that. I could easily use a different port for ssh however.

A wireless router is just a router, not a firewall - NAT does not make
it a firewall. If you can, for personal use, run services on
non-standard ports. You should be using WallWatcher to log your traffic,
so you have a good idea of what ports are not being scanned on a regular
basis.

> > You would also
> > have a block list setup so that most IPs outside your own country are
> > blocked from inbound access to your network.
>
> How do you suggest doing that? Let's suppose that hypothetically
> I put .net .com .org in my hosts.allow. I'm under the impression
> there are foreign sites with those endings. Or, I don't have a list
> of which IP prefixes are for my region; where can I find one?

Notice I said IP, not names. I block foreign networks in my firewall,
but I have a firewall; you don't, and there is no means to block IP lists
in your router.

If you get a firewall, not a cheap home NAT device, you can do a lot of
things that you can't with a router - like being able to use the
Firewall as a VPN end-point so that you don't have to use SSH, you can
just PPTP or setup an IPSec tunnel to it.

Here is a list of IPs that I block. This one is from 4/2005, but it's
current enough for government work :)

12.144.182.0/24
12.45.203.0/24
12.98.139.0/24
155.48.106.0/24
168.126.0.0/16
172.184.111.203
193.251.0.0/16
193.252.0.0/16
193.253.0.0/16
195.174.0.0/16
195.175.16.0/20
195.58.124.0/24
200.30.203.0/24
202.88.186.0/24
203.152.22.0/24
205.251.79.0/24
210.173.37.0/24
210.201.153.0/24
210.71.115.0/24
211.54.40.0/25
212.150.124.0/24
212.18.57.0/24
212.202.178.0/24
212.27.32.0-212.27.63.255
212.64.192.0-212.64.203.255
212.64.223.160/29
212.64.223.168/29
212.9.7.0/24
213.13.26.0/24
213.144.176.0/24
213.190.213.0/24
213.228.7.0/24
213.228.8.0/24
216.184.97.0/24
216.76.35.0/24
217.118.224.0/24
217.118.225.0/24
217.118.239.0/24
217.160.110.0/24
218.164.28.0/24
218.252.74.0/24
218.67.128.0-218.69.255.255
218.69.108.0/24
218.69.148.0/24
218.76.98.0/24
219.212.4.0/24

If you want to get serious, here is a list I got from a chap that I've
not implemented yet:

58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
62.0.0.0/8
80.0.0.0/8
81.0.0.0/8
82.0.0.0/8
83.0.0.0/8
84.0.0.0/8
85.0.0.0/8
86.0.0.0/8
87.0.0.0/8
88.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8
193.0.0.0/8
194.0.0.0/8
195.0.0.0/8
202.0.0.0/8
203.0.0.0/8
210.0.0.0/8
211.0.0.0/8
212.0.0.0/8
213.0.0.0/8
217.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8

-- 
spam999free@rrohio.com
remove 999 in order to email me
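The block list above mixes three notations (CIDR prefixes, a bare host address, and dash-separated ranges), and a firewall that takes IP-based rules wants each of them as a prefix. The following is an added example, not code from the post or its author: it parses a constructed subset of the quoted list with Python's standard `ipaddress` module, merges overlapping entries, checks whether a given source address would be refused, and renders the result as iptables rules. The iptables syntax and the `INPUT`/`DROP` chain and target are assumptions for illustration; the thread's own point stands that the home router in question cannot take such rules at all.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample: a subset of the block list quoted in the post above,
# deliberately keeping the three notations it mixes (CIDR, bare host, dash range).
SAMPLE_BLOCKLIST = """
12.144.182.0/24
172.184.111.203
195.175.16.0/20
211.54.40.0/25
212.27.32.0-212.27.63.255
212.64.192.0-212.64.203.255
212.64.223.160/29
212.64.223.168/29
218.67.128.0-218.69.255.255
218.69.108.0/24
"""


def parse_entry(entry: str) -> List[ipaddress.IPv4Network]:
    """Turn one list entry into one or more CIDR networks.

    A dash range such as 212.64.192.0-212.64.203.255 is not always a single
    prefix, so summarize_address_range may legitimately return several.
    """
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # Bare host or a/b prefix; strict=False tolerates a non-aligned host part.
    return [ipaddress.ip_network(entry, strict=False)]


def load_blocklist(text: str) -> List[ipaddress.IPv4Network]:
    """Parse every non-empty line and merge overlapping or adjacent prefixes.

    Merging keeps the rule count down on a small firewall: the two /29s
    become one /28, and 218.69.108.0/24 disappears into the range that
    already covers it.
    """
    nets = []
    for line in text.splitlines():
        if line.strip():
            nets.extend(parse_entry(line))
    return sorted(ipaddress.collapse_addresses(nets))


def is_blocked(ip: str, nets: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if the source address falls inside any blocked prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def address_count(nets: Iterable[ipaddress.IPv4Network]) -> int:
    """Total addresses the list refuses; a quick check on how coarse it is
    before loading it (a single /8 alone is 16,777,216 addresses)."""
    return sum(net.num_addresses for net in nets)


def to_iptables(nets: Iterable[ipaddress.IPv4Network],
                chain: str = "INPUT", target: str = "DROP") -> List[str]:
    """Render the merged list as iptables rules (assumed syntax) for a
    firewall that accepts IP-based rules; the router in the thread does not."""
    return [f"iptables -A {chain} -s {net.with_prefixlen} -j {target}" for net in nets]


if __name__ == "__main__":
    blocked = load_blocklist(SAMPLE_BLOCKLIST)
    print(f"{len(blocked)} prefixes covering {address_count(blocked)} addresses")
    for rule in to_iptables(blocked):
        print(rule)
    for probe in ("212.27.40.1", "218.69.108.5", "8.8.8.8"):
        print(probe, "blocked" if is_blocked(probe, blocked) else "allowed")
```

Run it against the full list from the post by pasting the list into `SAMPLE_BLOCKLIST`; the address count is the number to look at before adopting the /8 list further down, since each /8 entry there drops an entire sixteen-million-address block regardless of who holds it.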
