
Re: Cracking attempt



On Mon, 24 Feb 2003 12:07, Mark Lijftogt wrote:
> In comparison with a mail address probe, which I receive 30 times a day if I
> don't completely block a couple of Hungarian and Chinese ISPs, the domain
> is useless for any commercial form, and does harm me in a financial way if
> I really don't do anything about it.

Below is part of my blocking list from one server.  The entries below were all 
put in as a direct result of spam.  In the case of Kornet and chinanet every 
time they spammed me I blocked the netblock in question.  I probably haven't 
blocked all of those ISPs, just the parts that spam me excessively.

The DNSBL services work well for most spammers, but some of those big Asian 
ISPs just have too many IP addresses for them to work well for anything other 
than blanket blocking.

# stop this machine from emailing crap to us
ipchains -A input -l -j DENY -s 195.188.16.215

# kornet is a spam haven 61.72.0.0 - 61.77.255.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 61.72.0.0/14 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 61.76.0.0/15 -d 0.0.0.0/0 smtp
# kornet is a spam haven 211.197.188.0-211.197.200.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 211.197.188.0/22 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 211.197.192.0/21 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 211.197.200.0/24 -d 0.0.0.0/0 smtp
# kornet is a spam haven 211.194.106.64-211.194.106.127 blocked
ipchains -A input -l -j REJECT -p tcp -s 211.194.106.64/26 -d 0.0.0.0/0 smtp
# kornet is a spam haven 211.217.138.0-211.217.143.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 211.217.138.0/23 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 211.217.140.0/22 -d 0.0.0.0/0 smtp
# kornet is a spam haven 211.229.24.0-211.229.36.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 211.229.24.0/21 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 211.229.32.0/22 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 211.229.36.0/24 -d 0.0.0.0/0 smtp
# kornet is a spam haven 211.48.62.0-211.48.63.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 211.48.62.0/23 -d 0.0.0.0/0 smtp
# chinanet.net is a spam haven 202.98.32.0-202.98.63.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 202.98.32.0/19 -d 0.0.0.0/0 smtp
# hananet is a spam haven 211.200.118.0-211.200.119.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 211.200.118.0/23 -d 0.0.0.0/0 smtp
# chinanet.net is a spam haven 218.75.128.0 - 218.77.127.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 218.75.128.0/16 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 218.76.128.0/15 -d 0.0.0.0/0 smtp
# chinanet.cn.net is a spam haven 61.163.224.128 - 61.163.224.135 blocked
ipchains -A input -l -j REJECT -p tcp -s 61.163.224.0/24 -d 0.0.0.0/0 smtp
# chinanet.cn.net is a spam haven 218.6.0.0 - 218.6.127.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 218.6.0.0/17 -d 0.0.0.0/0 smtp
# chinanet.cn.net is a spam haven 218.28.0.0 - 218.29.255.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 218.28.0.0/15 -d 0.0.0.0/0 smtp
# korea.com is a spam haven 210.221.83.0-210.221.83.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 210.221.83.0/24 -d 0.0.0.0/0 smtp

# stop this broken Chinese web crawler from attacking us
ipchains -A input -l -j DENY -s 139.175.250.0/24
# stop the stupid naver-mailer from attacking us
ipchains -A input -l -j DENY -p tcp -s 211.218.150.0/24 -d 0.0.0.0/0 smtp

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
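
An added example, not part of the original message: a Python check that compares each commented address range in a list like the one above with the CIDR blocks in the rules beneath it, reporting the minimal covering blocks, rules whose address has host bits set, and how many addresses are blocked beyond the commented range. The `audit` function and its report keys are hypothetical names, and the check assumes the packet filter masks off host bits in the `-s` argument.

```python
import ipaddress
import re

# Excerpt of the comment/rule pairs from the list above.
SAMPLE = """\
# kornet is a spam haven 61.72.0.0 - 61.77.255.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 61.72.0.0/14 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 61.76.0.0/15 -d 0.0.0.0/0 smtp
# chinanet.net is a spam haven 218.75.128.0 - 218.77.127.255 blocked
ipchains -A input -l -j REJECT -p tcp -s 218.75.128.0/16 -d 0.0.0.0/0 smtp
ipchains -A input -l -j REJECT -p tcp -s 218.76.128.0/15 -d 0.0.0.0/0 smtp
# chinanet.cn.net is a spam haven 61.163.224.128 - 61.163.224.135 blocked
ipchains -A input -l -j REJECT -p tcp -s 61.163.224.0/24 -d 0.0.0.0/0 smtp
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"
RANGE_RE = re.compile(ADDR + r"\s*-\s*" + ADDR)
RULE_RE = re.compile(r"-s\s+(\S+)")

def audit(text):
    """Return one report per commented range (hypothetical helper)."""
    reports = []
    for line in text.splitlines():
        rng = RANGE_RE.search(line) if line.startswith("#") else None
        rule = RULE_RE.search(line)
        if rng:
            first, last = (ipaddress.IPv4Address(a) for a in rng.groups())
            minimal = list(ipaddress.summarize_address_range(first, last))
            reports.append({"range": (first, last), "minimal": minimal, "rules": []})
        elif reports and rule and not line.startswith("#"):
            reports[-1]["rules"].append(rule.group(1))
    for rep in reports:
        first, last = rep["range"]
        # Assumption: the filter masks off host bits, as strict=False does.
        nets = [ipaddress.ip_network(r, strict=False) for r in rep["rules"]]
        rep["misaligned"] = [r for r, n in zip(rep["rules"], nets) if str(n) != r]
        covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
        # Addresses blocked beyond the range named in the comment.
        rep["extra"] = covered - (int(last) - int(first) + 1)
        rep["complete"] = all(any(m.subnet_of(n) for n in nets) for m in rep["minimal"])
    return reports

if __name__ == "__main__":
    for rep in audit(SAMPLE):
        first, last = rep["range"]
        print(f"{first} - {last}: minimal {[str(n) for n in rep['minimal']]}")
        print(f"  misaligned={rep['misaligned']} extra={rep['extra']} complete={rep['complete']}")
```

A nonzero `extra` is not necessarily a mistake, since a wider block can be deliberate, but it shows where a rule reaches past the range its comment documents.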


