Re: [SLUG] Blacklisting bad guys.

From: Chris Mathey (slug@mathey.org)
Date: Fri Feb 02 2007 - 14:12:48 EST


Eben King wrote:
> On Fri, 2 Feb 2007, Todd Patton wrote:
>
>> I run a vsftp server for several users and clients of my work and I keep
>> getting hits for account "administrator" password <guess>. These usually
>> happen all night long from Asia Pacific networks, until I get to work in
>> the morning and add the IP address to the firewall black list. This just
>> annoys the hell out of me. Is there a way to automatically add an IP
>> address to the host.deny file when someone tries to log into ftp using
>> "administrator" as a user name? Any suggestions on automatically
>> blacklisting these obvious scripts?
>>
>
> Black-hole the entire */8 unless you have prior valid logons from there?
>
How about all of Asia-Pac ? ;p

http://www.apnic.net/db/ranges.html
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
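
An added example, not part of the original thread or written by any of its posters: one way to do what the question asks, by scanning vsftpd login records for attempts on the "administrator" name and emitting hosts.deny entries, while skipping any address with a prior valid logon as the first reply suggests. It assumes vsftpd's default log line layout, IPv4 clients, and that no real account is called "administrator"; the function names and sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in vsftpd's default log layout. Addresses come from the
# RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = '''\
Fri Feb  2 02:10:01 2007 [pid 4101] CONNECT: Client "192.0.2.15"
Fri Feb  2 02:10:03 2007 [pid 4100] [administrator] FAIL LOGIN: Client "192.0.2.15"
Fri Feb  2 02:10:09 2007 [pid 4104] [administrator] FAIL LOGIN: Client "192.0.2.15"
Fri Feb  2 02:11:40 2007 [pid 4110] [Administrator] FAIL LOGIN: Client "198.51.100.7"
Fri Feb  2 08:30:12 2007 [pid 4200] [alice] OK LOGIN: Client "203.0.113.20"
Fri Feb  2 08:31:00 2007 [pid 4207] [alice] FAIL LOGIN: Client "203.0.113.20"
Fri Feb  2 09:02:44 2007 [pid 4230] [administrator] FAIL LOGIN: Client "203.0.113.20"
Fri Feb  2 09:05:00 2007 [pid 4240] [administrator] FAIL LOGIN: Client "not-an-ip"
'''

LOGIN_RE = re.compile(r'\[pid \d+\] \[([^\]]*)\] (OK|FAIL) LOGIN: Client "([^"]+)"')
BAIT_USERS = {"administrator"}  # assumption: no legitimate account has this name


def addresses_to_deny(log_text, bait_users=BAIT_USERS):
    """Return sorted IPv4 clients that tried a bait user and never logged in OK."""
    offenders, trusted = set(), set()
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # CONNECT, transfer and other records
        user, result, client = m.groups()
        try:
            ip = ipaddress.IPv4Address(client)  # never copy unparsed log text
        except ValueError:
            continue
        if result == "OK":
            trusted.add(ip)  # prior valid logon from here: do not block
        elif user.lower() in bait_users:
            offenders.add(ip)
    return sorted(offenders - trusted)


def hosts_deny_lines(ips, daemon="vsftpd"):
    """Format entries in hosts.deny syntax (daemon: client)."""
    return [f"{daemon}: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(addresses_to_deny(SAMPLE_LOG))))
```

hosts.deny entries only affect vsftpd when it is built with TCP wrappers support and `tcp_wrappers=YES` is set in vsftpd.conf.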



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:11:26 EDT