List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Brian Micek <bmicek@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Thu, 06 Oct 2005 17:05:08 -0400
Attached are my scripts I generate in a cron job to block China and Korea if anyone is interested. I've observed the CIDRs to these countries change so it might be a good idea to have semi-recent copies.

Brian

On Thu, 2005-10-06 at 15:02 -0600, Kirk Hoganson wrote:
> Matan Peled said the following:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > William Kenworthy wrote:
> >
> >>Can anyone comment whether IP spoofing (for hiding country of origin) is
> >>common?  Seems quite unlikely - at least at the current state of things.
> >>Is it even possible to tell (at the firewall interface?)
> >>
> >>BillK
> >
> >
> > I think that hiding country of origin by IP spoofing is quite useless, at
> > least on the Internet (It might work on a single subnet, or if you pretend to be
> > another IP in your subnet, and then switches complicate it as well...)
> >
>
> I think it depends on your purpose.  It is easy to get around, but
> blocking whole ranges based on country could help cut down on the
> vulnerability scans that can be so annoying.  Our country does no
> business with China, yet various subnets are frequently scanned from
> addresses originating there.  Blocking those ranges would cause most of
> them to move on.  It is likely that you already block whole invalid
> subnets in your firewall rules anyway.
Attachment:
block-cn.sh (application/shellscript)
Attachment:
block-kr.sh (application/shellscript)
Attachment:
undo-block-cn.sh (application/shellscript)
Attachment:
undo-block-kr.sh (application/shellscript)
Attachment:
signature.asc (This is a digitally signed message part)
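
An added example, not part of the message above or of its attached scripts (whose contents are not shown on this page): one way a cron job can refresh a CIDR block list when the ranges change, by validating each entry and emitting an `ipset restore` script that swaps the new list in atomically, so stale ranges drop out without a separate undo script. The set name `geoblock`, the function names, the /8 prefix floor and the sample networks (RFC 5737 documentation ranges) are assumptions of this example.

```shell
#!/bin/sh
# Added example; set name and sample networks are constructed.
# Load from cron:  build_restore geoblock < cidr-list | ipset -exist restore
# Reference once:  iptables -I INPUT -m set --match-set geoblock src -j DROP

# valid_cidr CIDR: succeed only for a.b.c.d/n, octets 0-255, prefix 8-32.
# The /8 floor is this example's safety margin against a corrupted list
# (e.g. 0.0.0.0/0) locking everyone out, administrators included.
valid_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|.*|*..*|*./*) return 1 ;;  # stray characters, malformed dots
        ?*/?*) ;;                                    # exactly one slash
        *) return 1 ;;
    esac
    _addr=${1%/*} _len=${1#*/}
    case $_len in *.*) return 1 ;; esac
    [ ${#_len} -le 2 ] && [ "$_len" -ge 8 ] && [ "$_len" -le 32 ] || return 1
    _ifs=$IFS; IFS=.; set -- $_addr; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# build_restore SET < cidr-list: print an `ipset restore` script on stdout.
# Fails with no output when the list has no valid entry, so a failed or
# empty download never replaces a working block list with an empty one.
build_restore() {
    _set=$1 _tmp=$1-new _adds= _n=0
    while read -r _cidr _rest || [ -n "$_cidr" ]; do
        case $_cidr in ''|'#'*) continue ;; esac
        if valid_cidr "$_cidr"; then
            _adds="${_adds}add $_tmp $_cidr
"
            _n=$((_n + 1))
        else
            echo "skipping invalid entry: $_cidr" >&2
        fi
    done
    [ "$_n" -gt 0 ] || return 1
    printf 'create %s hash:net\ncreate %s hash:net\nflush %s\n' "$_set" "$_tmp" "$_tmp"
    printf '%s' "$_adds"
    printf 'swap %s %s\ndestroy %s\n' "$_tmp" "$_set" "$_tmp"
}

# Constructed sample list: two usable ranges, two entries that must be rejected.
sample_list() { printf '%s\n' '# constructed list' 192.0.2.0/24 0.0.0.0/0 203.0.113.300/24 198.51.100.0/25; }
sample_list | build_restore geoblock
```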
References:
RE: [OT?] automatically firewalling off IPs
-- Tad Glines
Re: [OT?] automatically firewalling off IPs
-- Matan Peled
Re: [OT?] automatically firewalling off IPs
-- William Kenworthy
Re: [OT?] automatically firewalling off IPs
-- Matan Peled
Re: [OT?] automatically firewalling off IPs
-- Kirk Hoganson
Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.