Re: two attempted break-ins from Hong Kong & Italy
From: Leythos (void_at_nowhere.lan)
Date: 07/06/05
- Previous message: Terry Lomax: "Re: Partypoker.com is SPAM from India"
- In reply to: yarmfelder_at_yahoo.com: "Re: two attempted break-ins from Hong Kong & Italy"
- Next in thread: yarmfelder_at_yahoo.com: "Re: two attempted break-ins from Hong Kong & Italy"
- Reply:(deleted message) yarmfelder_at_yahoo.com: "Re: two attempted break-ins from Hong Kong & Italy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 06 Jul 2005 00:11:33 GMT
In article <1120605844.133741.323880@g44g2000cwa.googlegroups.com>,
yarmfelder@yahoo.com says...
> Leythos wrote:
>
> > If you were smart, you would have your computer/network protected by a
> > border device
>
> We have a wireless router. It blocks virtually all ports, but not ssh
> since I use that. I could easily use a different port for ssh however.
A wireless router is just a router, not a firewall - NAT does not make
it a firewall. If you can, for personal use, run services on non-
standard ports. You should be using WallWatcher to log your traffic, so
you have a good idea of what ports are not being scanned on a regular
basis.
> > You would also
> > have a block list setup so that most IP's outside your own country are
> > blocked from inbound access to your network.
>
> How do you suggest doing that? Let's suppose that hypothetically
> I put .net .com .org in my hosts.allow. I'm under the impression
> there are foreign sites with those endings. Or, I don't have a list
> of which IP prefixes are for my region; where can I find one?
Notice I said IP, not names, I block foreign networks in my firewall,
but I have a firewall, you don't and there is no means to block IP lists
in your router.
If you get a firewall, not a cheap home NAT device, you can do a lot of
things that you can't with a router - like being able to use the
Firewall as a VPN end-point so that you don't have to use SSH, you can
just PPTP or setup an IPSec tunnel to it.
Here is a list of IP's that I block, this one is from 4/2005, but it's
current enough for government work :)
12.144.182.0/24
12.45.203.0/24
12.98.139.0/24
155.48.106.0/24
168.126.0.0/16
172.184.111.203
193.251.0.0/16
193.252.0.0/16
193.253.0.0/16
195.174.0.0/16
195.175.16.0/20
195.58.124.0/24
200.30.203.0/24
202.88.186.0/24
203.152.22.0/24
205.251.79.0/24
210.173.37.0/24
210.201.153.0/24
210.71.115.0/24
211.54.40.0/25
212.150.124.0/24
212.18.57.0/24
212.202.178.0/24
212.27.32.0-212.27.63.255
212.64.192.0-212.64.203.255
212.64.223.160/29
212.64.223.168/29
212.9.7.0/24
213.13.26.0/24
213.144.176.0/24
213.190.213.0/24
213.228.7.0/24
213.228.8.0/24
216.184.97.0/24
216.76.35.0/24
217.118.224.0/24
217.118.225.0/24
217.118.239.0/24
217.160.110.0/24
218.164.28.0/24
218.252.74.0/24
218.67.128.0-218.69.255.255
218.69.108.0/24
218.69.148.0/24
218.76.98.0/24
219.212.4.0/24
If you want to get serious, here is a list I got from a chap that I've
not implemented yet:
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
62.0.0.0/8
80.0.0.0/8
81.0.0.0/8
82.0.0.0/8
83.0.0.0/8
84.0.0.0/8
85.0.0.0/8
86.0.0.0/8
87.0.0.0/8
88.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8
193.0.0.0/8
194.0.0.0/8
195.0.0.0/8
202.0.0.0/8
203.0.0.0/8
210.0.0.0/8
211.0.0.0/8
212.0.0.0/8
213.0.0.0/8
217.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8
-- -- spam999free@rrohio.com remove 999 in order to email me
- Previous message: Terry Lomax: "Re: Partypoker.com is SPAM from India"
- In reply to: yarmfelder_at_yahoo.com: "Re: two attempted break-ins from Hong Kong & Italy"
- Next in thread: yarmfelder_at_yahoo.com: "Re: two attempted break-ins from Hong Kong & Italy"
- Reply:(deleted message) yarmfelder_at_yahoo.com: "Re: two attempted break-ins from Hong Kong & Italy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
