[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rogue Chinese crawler

The best way would be to block it at your router with an access list.
Blocking it at the box is ok too but that takes a little bit of your
resources.  And you have to do it on each box on your network you want
protected.  The router block will protect your entire network in one fell
swoop and cost your boxes no resources.

You can block just his ip address with a deny statement, or if he's scanning
from multiple ip's you can chunk his whole network.  But that ip
( is under a huge Seed-net /16.  You might end up blocking
legitimate traffic.  You can try to guess his local subnet mask and block
that, like a /27 or something.

On a related topic I've been receiving an enormous amount of spam coming
through Asian mx's.  Is there any effort underway to try and get these
people to lock down their networks?  We've got a bunch of rogue mailservers
over there.

At 05:32 PM 11/23/01 +0000, Martin WHEELER wrote:
>Is anyone else having problems with the robot from
>     openfind.com.tw
>-- an intrusive, irritating, hard-to-get-rid-of crawler that completely
>paralyses my system *every day*?
>Despite what I put in any robots.txt, this one disregards all rules and
>just jams up my system, downloading every damn' thing in sight.
>Mails to the owners are totally disregarded.
>Anyone know of a sure-fire robot killer under woody?
>Who should this thing be reported to to get it stopped?

PS, the first time around I accidently only sent this to debian-security. :)

                    ---=<REMEMBER THE WORLD TRADE CENTER>=---
                ___/`<               WTC 911               >`\___


Reply to: