![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Querstion about Chinese IP addresses
From: Dean Freeman <wfreeman () sourcefire com>
Date: Mon, 12 Mar 2012 10:27:32 -0400
Miso, You can try http://www.countryipblocks.net/country-blocks/ for starters. Also, you can try verifying the location/owner of an IP via prefix whois. For example: $ whois -h whois.pwhois.org223.221.0.1 IP: 223.221.0.1 Origin-AS: 4134 Prefix: 223.220.0.0/15 AS-Path: 286 4134 AS-Org-Name: Beijing Org-Name: CHINANET Qinghai Province Network Net-Name: CHINANET-QH Cache-Date: 1330988780 Latitude: 36.000000 Longitude: 96.000000 City: QINGHAI Region: QINGHAI Country: CHINA On Mon, Mar 12, 2012 at 10:17 AM, Miso Patel <miso.patel () gmail com> wrote:
Does anyone have a good list of IP addresses allocated to China? I don't do any business there and I get so much Unsolicited/Malicious traffic from them that I am tired of it and want to block the whole country. Recently the sweet-and-sour SYN has gotten more sour.... I suppose I could block APNIC but I would like to leave India open. Sorry to spam the snort-sigs list, I just thought someone here may know. AFIK, Snorts/VRT doesn't maintain IP block rules like Emerging Threats (and I suppose if VRT did it would be 30 days delayed unless you paid so that isn't very useful for the community but some of the timely stuff on the Emerging Thetan list has come in handy but I digress....) To summ up, I am tired of China making passes at my systems, touching them inappropriately, and would like to implement a reverse Great Firewall of China. Please let me know off-list if you have a good set of known bad Chinese IPs. Thanks. -Miso, CISO ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
-- Dean Freeman Research Engineer Sourcefire VRT - Department of Intelligence
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Querstion about Chinese IP addresses Miso Patel (Mar 12)
- Re: Querstion about Chinese IP addresses Giles Coochey (Mar 12)
- Re: Querstion about Chinese IP addresses Dean Freeman (Mar 13)