Re: IP ranges used in North America, Hawaii, and Alaska?
- From: Alan Jones <alan@xxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 16:21:59 -0500
On 19 Dec 2005 12:09:44 -0800, "prg" <rdgentry1@xxxxxxxxxxxxx>
wrote:
>
>Alan Jones wrote:
>> Here's the list. Please tell me what you think...
>> http://www.iana.org/assignments/ipv4-address-space
>>
>> On Mon, 19 Dec 2005 14:39:11 +1000, Wayne <4bu53@xxxxxxxxxxx> wrote:
>>
>> >Alan Jones wrote:
>> >> Thanks but I found the 'list' of IP ranges I needed. :)
>> >>
>> >
>> >You do also realise that the list may not be 100% accurate. Those IP
>> >assigned may have been through a 3rd party acting as a broker for a
>> >non-US party.
>
>If you are trying to cut down on spam, try SpamAssassin.
>http://spamassassin.apache.org/
Not reliable and a hassle.
>If you're trying to add security to your network, harden your firewall
>and tighten down your firewall rules. Review your logs. Deny _all_
>connections except the ones you invite.
Really? What do you think I'm doing.
>The list you have might be somewhat useful (for something) if
>_everyone_ conformed to its intent.
Nope. What I'm doing applies to my server alone.
>The ones you are trying to keep out are the ones who don't.
Brilliant.
>Packets are routed by _destination_ and _not_by_source_ addresses.
>Spam will 99.9999999999% of the time have a bogus IP return address
>_except_ for an embedded link of some kind, ie., a connection you
>_invite_ into your site.
With my setup, only bogus 'domestic' or North American IP's
can connect. That's a very big help.
>Your "solution" has been proposed and tried by countless numbers of
>those unknowledgeable in the ways of routing across the net. It's a
>waist of time and firewall resources. It promotes an unfounded sense
>of "increased security" -- perhaps the most detrimental and dangerous
>thing for _any_ network.
Again, it only affects my server and it's working great.
>Check here for some rather disturbing insight into how even
>"unroutable" IPs are loose on the net:
>
>http://www.completewhois.com/bogons/
>[q]
>Bogons is the name used to describe ip blocks not allocated by IANA and
>RIRs to ISPs and organizations plus all other ip blocks that are
>reserved for private or special use by RFCs (the actual term "bogons"
>comes from word "bogus", as in bogus ip announcements). As these ip
>blocks are not allocated or specially reserved, such ip blocks should
>not be routable and used on the internet, however some of these ip
>blocks do appear on the net primarily used by those individuals and
>organizations that are often specifically trying to avoid being
>identified and are often involved in such activities as DoS attacks,
>email abuse, hacking and other security problems. These activities
>obviously pose great danger to everyone and ***ISPs***[emphasis added]
>should try to filter all these bad ip routes and we are trying to help
>in that by working to create complete detailed list of unassigned bogon
>ips based on whois data.
>[eq]
>http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
>http://www.completewhois.com/bogons/bogons_usage.htm
>http://www.completewhois.com/hijacked/index.htm
>http://www.completewhois.com/bogons/ipwhois_data_analysis.htm
>http://www.completewhois.com/bogons/data/ <-- the current data
>http://www.completewhois.com/statistics/index.htm <-- stats re: your
>IANA list
>http://www.completewhois.com/statistics/country_statistics.htm
>http://www.completewhois.com/statistics/data/ips-bycountry/rirstats/
>http://www.completewhois.com/rbl_lookup.htm
I had already looked at that, and it was a contributing factor
for the solution I've chosen.
>ISPs have (or should have) the resources to filter these problems
>_without_ crippling the flow of legitimate traffic. You do not.
I have available to me all the resources in existence for the
complete and total control of my server.
>Note
>that even this effort has been something less than a stellar success.
>And the idea of blocking out the _world_ at large (non-US) makes the
>net rather pointless, don't you think?
No it doesn't. My server doesn't need to have access to every
part of the globe.
>The most successful(?)/used approach is to use RBLs and DNSBLs
>(black/block lists) of "known" or suspected spammers or even netblocks
>without DNS ptr records. Try these:
>
>http://www.completewhois.com/rbl_lookup.htm
>http://openrbl.org/
>http://wiki.openrbl.org/wiki/Main_Page
>http://www.nl.sorbs.net/ <-- a _very_ aggressive black list
>http://spamblock.outblaze.com/spamchk.html
>http://www.dnsstuff.com/tools/ip4r.ch?ip=you.rIP.add.res
>EGs.,
>http://www.dnsstuff.com/tools/ip4r.ch?ip=24.204.27.78 <-- a bogon that
>I chased last year
>http://groups.google.com/groups?hl=en&lr=lang_en&ie=ISO-8859-1&q=cablelynx.com&btnG=Search&meta=group%3Dnews.admin.net-abuse.sightings
>[Yes, even google helps in a chase]
>
>Additional info:
>http://www.abuse.net/
>http://spam.abuse.net/userhelp/
>http://www.arin.net/reference/index.html
>
>This barely scratches the surface ;-(
>
>good luck,
I solved the problem late yesterday evening. All is well.
>prg
.
- References:
- IP ranges used in North America, Hawaii, and Alaska?
- From: Alan Jones
- Re: IP ranges used in North America, Hawaii, and Alaska?
- From: Felix Tilley
- Re: IP ranges used in North America, Hawaii, and Alaska?
- From: Alan Jones
- Re: IP ranges used in North America, Hawaii, and Alaska?
- From: Wayne
- Re: IP ranges used in North America, Hawaii, and Alaska?
- From: Alan Jones
- Re: IP ranges used in North America, Hawaii, and Alaska?
- From: prg
- IP ranges used in North America, Hawaii, and Alaska?
- Prev by Date: Re: IP ranges used in North America, Hawaii, and Alaska?
- Next by Date: Re: IP ranges used in North America, Hawaii, and Alaska?
- Previous by thread: Re: IP ranges used in North America, Hawaii, and Alaska?
- Next by thread: Re: IP ranges used in North America, Hawaii, and Alaska?
- Index(es):
Relevant Pages
|
