nanog mailing list archives

Re: de-peering for security sake


From: Stephen Satchell <list () satchell net>
Date: Fri, 25 Dec 2015 07:35:00 -0800

On 12/25/2015 06:18 AM, Mike Hammett wrote:
> To the thread, not necessarily Daniel, if blocking
> countries\continents is a bad thing (not saying I disagree), how do
> you deal with the flood of trash? Just take it on the chin?
>
> The degree of splash damage by blocking this way will vary based
> upon what kind of network you are. Residential eyeballs? You could
> probably block most of a lot of things and people wouldn't notice
> or care, as long as it wasn't Google, Facebook, Netflix, etc.

In my networks, different users have different requirements. So I have to be careful in my ACLs to allow what they need, while reducing access by those who view the Internet as a sewer, and not as a privilege. (Used to be a BOFH in the NSF days.)

So my blocking list has grown, as I have identified bad actors from the information in my logs. Keeping in mind that people with one bad habit will most likely have other bad habits as well, I keep it simple: if you don't play nice, you are blocked at the demarc.

For the majority of my users, I provide access behind a router with the block list shown below. For those customers who want an unblocked feed, I provide that by having the edge bypass the filtering router. (No one has asked yet for custom filters -- 1841s are cheap and easy, and don't take much power.)

I don't intend to provide this list for others to use. I provide this list as an example of how I exercise my right of Internet Freedom of Association, and keep my own network safe from intruders. Abuse reports? I've given up on them, frankly. My logs don't include enough information for some admins, so they drop my reports without further comment. When there is an admin listed.

The nice thing about IPTABLES is that I can pull a report, if I want to, of which of these blocks are still generating traffic. As we go farther down the IPv4-split road, I may just set up a database of the blocks, and monitor the traffic to see which ones have gone silent and thus can be removed. Or not -- that's a lot of work and time, both of which I can direct to activities that bring in revenue.

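
Added example, not part of the original post: one way to produce the report the message describes, separating blocks that still draw traffic from blocks that have gone silent, by reading the per-rule counters in `iptables-save -c` output. The sample ruleset is constructed (documentation prefixes only), and the `FORWARD` chain and the function name `block_report` are assumptions.

```python
import ipaddress
import re

# Constructed sample of `iptables-save -c` output (documentation prefixes,
# not addresses from the post). Counters are [packets:bytes] per rule.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
[1842:110520] -A FORWARD -s 192.0.2.0/24 -j DROP
[0:0] -A FORWARD -s 198.51.100.0/24 -j DROP
[37:2220] -A FORWARD -s 203.0.113.77/32 -j DROP
[0:0] -A FORWARD -s 203.0.113.128/29 -j DROP
[90211:7216880] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Matches only rules that carry a source match and end in DROP or REJECT.
RULE = re.compile(
    r"^\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s+-A\s+(?P<chain>\S+)\s+"
    r".*?-s\s+(?P<src>\S+).*?-j\s+(?P<target>DROP|REJECT)\b"
)

def block_report(save_output, chain="FORWARD"):
    """Split source-address block rules into (active, silent) by packet count."""
    active, silent = [], []
    for line in save_output.splitlines():
        m = RULE.match(line)
        if not m or m["chain"] != chain:
            continue  # policy lines, ACCEPT rules, other chains
        net = ipaddress.ip_network(m["src"], strict=False)
        pkts = int(m["pkts"])
        (active if pkts else silent).append((net, pkts))
    # Busiest blocks first, so the report leads with the noisiest sources.
    active.sort(key=lambda item: item[1], reverse=True)
    return active, silent

if __name__ == "__main__":
    active, silent = block_report(SAMPLE)
    for net, pkts in active:
        print(f"active  {net}  {pkts} packets")
    for net, _ in silent:
        print(f"silent  {net}  candidate for removal")
```

Counters restart from zero when the rules are reloaded or the router reboots, so a zero count only means "silent" over the interval since the last reset.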

