[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Have you been hacked by f*ck PoizonBOx?

On Sun, Jun 03, 2001 at 09:09:02PM +0200, Michelle Konzack wrote:
> Hello back,
> 
> it is an IP from AOL and they have too much IP's to blacklist it. 
> I have around 180 different IP's from it beginning with 172.x.x.x
just nullroute aol, you won't miss much interesting traffic that way
;)
btw: 172.16.0.0-172.32.255.255 are non-routable ip's, so i guess
they're outside that range?
> 
> The biggest problem is, that the same IP can be in the USA today and 
> in Germany tomorrow. (dynamic routing ???)
you could use something like snort and nullroute the ip's if snort
gives an alert, but are you sure they're not ip spoofing?
i.e. nullrouting the default gateway of your isp won't be very nice...

you could try
route add -net 172.0.0.0 netmask 255.0.0.0 dev lo to nullroute all
172.* ip's, and just add a route for the ip's you wanna reach inside
that range

-- 
,-------------------------------------------.
> Name:           Alson van der Meulen      <
> Personal:       alson@linuxfreak.nl       <
> School:       alson@gymnasiumleiden.nl    <
`-------------------------------------------'
You did what to the floppy???
---------------------------------------------
Reply to: