[K12OSN] How do I stop attempted logins

"Terrell Prudé, Jr." microman at cmosnetworks.com
Wed Mar 23 03:38:22 UTC 2005


Actually, you want to block a bit more than that.  This is the entire 
list of Asia/Pacific IP address ranges, from APNIC at 
http://www.apnic.net/db/ranges.html:

58.0.0.0/7
60.0.0.0/7
124.0.0.0/7
126.0.0.0/8
169.208.0.0/12
196.192.0.0/13
202.0.0.0/7*
210.0.0.0/7
218.0.0.0/7
220.0.0.0/7
222.0.0.0/8

This is what I block on my servers for TCP 22.  I don't do it for DNS or 
email because I don't want to block legit email from Asia/Pacific; I'm 
working on other methods to stop spammers.  Also, on my Web server, I 
don't block TCP 80, since I *want* people anywhere to be able to access 
it.  Whether you block specific TCP or UDP ports, or all of them, from 
certain places depends on your specific application.  Of course, for the 
K12LTSP servers, those are on the LAN protected by a NAT'ing firewall, 
so nobody but folks on the internal network can get to them anyway.  :-)

And though I don't have a doctorate in *anything*, the proposed rule of 
"-A INPUT -s 200.0.0.0/2 -j DROP" might not be what you want.  First, 
you'll be blocking stuff outside Asia/Pacific, e.g., 204.0.0.0/6 and 
208.0.0.0/7, which includes Verio, the DoD NIC, and many others.  
Second, that subnet mask means "everything from 192.0.0.0 to 
255.255.255.255."  Now, if you really want to block a quarter of the 
Internet from *all* communications with your host(s), then that's the 
rule that you want.  If not, then consider the above list.

--TP

Dr. Daniel Loomis wrote:

>Thanks for the advice.  I have added the following rules to
>/etc/sysconfig/iptables to slow down the Asian hordes:
>
>-A INPUT -s 200.0.0.0/8 -j DROP
>-A INPUT -s 202.0.0.0/8 -j DROP
>-A INPUT -s 210.0.0.0/8 -j DROP
>-A INPUT -s 211.0.0.0/8 -j DROP
>-A INPUT -s 212.0.0.0/8 -j DROP
>-A INPUT -s 221.0.0.0/8 -j DROP
>-A INPUT -s 222.0.0.0/8 -j DROP
>
>My Doctorate is in Theology, not computer science, so I have only
>passing acquaintance with subnetting rules.  However, if I understand
>correctly, it seems I could replace the above with a single rule like
>the following:
>
>-A INPUT -s 200.0.0.0/2 -j DROP
>
>Would the above rule block all subnets in the range 200.0.0.0 to
>255.0.0.0 or is there another way to declare the whole subnet?
>
>Daniel
>


-- 
_____________________
Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it 
out! <http://www.mozilla.org/thunderbird>
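
The subnetting point in the message above can be checked mechanically. The following is an added example, not part of the original message: it uses Python's standard `ipaddress` module to show what `-s 200.0.0.0/2` really matches and which parts fall outside the listed ranges, then emits TCP 22 only DROP rules for the list. The function names are illustrative, and the `-p tcp --dport 22` rule form is an assumption about how the per-port block is written.

```python
import ipaddress

# Ranges as listed in the message above (the trailing "*" on 202.0.0.0/7 is dropped).
APNIC_RANGES = [
    "58.0.0.0/7", "60.0.0.0/7", "124.0.0.0/7", "126.0.0.0/8",
    "169.208.0.0/12", "196.192.0.0/13", "202.0.0.0/7", "210.0.0.0/7",
    "218.0.0.0/7", "220.0.0.0/7", "222.0.0.0/8",
]

def effective_network(cidr):
    """Network a '-s' value really matches: bits beyond the prefix are masked off."""
    return ipaddress.ip_network(cidr, strict=False)

def collateral(rule_cidr, intended=APNIC_RANGES):
    """CIDR blocks matched by rule_cidr that lie outside every intended range."""
    remaining = [effective_network(rule_cidr)]
    for want in map(ipaddress.ip_network, intended):
        kept = []
        for net in remaining:
            if net.subnet_of(want):
                continue                                  # wholly intended
            if want.subnet_of(net):
                kept.extend(net.address_exclude(want))    # carve the intended part out
            else:
                kept.append(net)                          # no overlap
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def ssh_drop_rules(ranges=APNIC_RANGES):
    """Lines for /etc/sysconfig/iptables that drop only TCP 22 from each range."""
    return [f"-A INPUT -s {ipaddress.ip_network(r)} -p tcp --dport 22 -j DROP"
            for r in ranges]

if __name__ == "__main__":
    net = effective_network("200.0.0.0/2")
    print(f"200.0.0.0/2 matches {net}: {net[0]} to {net[-1]} "
          f"({net.num_addresses / 2**32:.0%} of IPv4)")
    print("Outside the listed ranges:", ", ".join(map(str, collateral("200.0.0.0/2"))))
    print("\n".join(ssh_drop_rules()))
```

Running `collateral()` on each `-s` value before loading a rule set shows any address space that would be dropped beyond the intended ranges.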



