I'm currently getting a huge number of (failed) attempts
to access my home server at UDP port 27845.
I think most if not all the attacks come from China or Korea.

I see there is a list of Chinese and Korean networks
at <http://www.countryipblocks.net/country-blocks/>.

Is there a standard way of using such a list in shorewall?

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin

------------------------------------------------------------------------------
On Jan 5, 2012, at 3:37 PM, Timothy Murphy wrote:

> I'm currently getting a huge number of (failed) attempts
> to access my home server at UDP port 27845.
> I think most if not all the attacks come from China or Korea.
>
> I see there is a list of Chinese and Korean networks
> at <http://www.countryipblocks.net/country-blocks/>.
>
> Is there a standard way of using such a list in shorewall?
>

No.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Timothy Murphy wrote:

> Is there a standard way of using such a list in shorewall?

This thread may be of interest:
http://sourceforge.net/mailarchive/message.php?msg_id=28547424

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

------------------------------------------------------------------------------
Simon Hobson wrote:

>> Is there a standard way of using such a list in shorewall?
>
> This thread may be of interest :
> http://sourceforge.net/mailarchive/message.php?msg_id=28547424

Thanks very much.
I'll wait a couple of days, and if the attacks continue I'll try it out.

I'd be very interested to know if Tom Eastep approves or disapproves
of this script ...

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin

------------------------------------------------------------------------------
I download an IP country list. By using a menu system I can enter the
country TLD and block all of the IP addresses listed for it. I parse the
list for the country I wish to block then create a blacklist for
Shorewall from that list. I also can do class A-C, or a /32 the same way.

I block only port 25 access this way. It is a bit low tech but my spam
count has dropped quite a bit.

Shorewall is my first line of network protection. I have used it for
years -- still a novice.

--john

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Friday, January 06, 2012 12:00 AM
To: gayleard@eircom.net; Shorewall Users
Subject: Re: [Shorewall-users] Blocking countries with shorewall

On Jan 5, 2012, at 3:37 PM, Timothy Murphy wrote:

> I'm currently getting a huge number of (failed) attempts to access my
> home server at UDP port 27845.
> I think most if not all the attacks come from China or Korea.
>
> I see there is a list of Chinese and Korean networks at
> <http://www.countryipblocks.net/country-blocks/>.
>
> Is there a standard way of using such a list in shorewall?
>

No.

-Tom

------------------------------------------------------------------------------
On Fri, 2012-01-06 at 12:34 +0100, Timothy Murphy wrote:

>
> I'd be very interested to know if Tom Eastep approves or disapproves
> of this script ...

Personally, I disapprove of the whole concept of country blocking but
that's just my personal opinion.

If I were to implement country blocking, I would use an ipset rather
than a long chain of blacklist rules.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
I do an ipset. I failed to mention that. A list is way, way too slow.

I can agree a whole country is overkill, but I don't know anyone in
Bhutan, and I have a full closet of Viagra. :-)

--john

John R. Hill
Director Of Technologies
812-314-8920 option #3

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Friday, January 06, 2012 10:22 AM
To: gayleard@eircom.net; Shorewall Users
Subject: Re: [Shorewall-users] Blocking countries with shorewall

On Fri, 2012-01-06 at 12:34 +0100, Timothy Murphy wrote:

>
> I'd be very interested to know if Tom Eastep approves or disapproves
> of this script ...

Personally, I disapprove of the whole concept of country blocking but
that's just my personal opinion.

If I were to implement country blocking, I would use an ipset rather
than a long chain of blacklist rules.

-Tom

------------------------------------------------------------------------------
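The ipset approach mentioned in the two messages above, as an added example that is not code from any poster in this thread or from the Shorewall project: a POSIX shell function that turns a zone file of CIDR blocks into `ipset restore` input. It goes slightly beyond the thread by loading a scratch set and swapping it in atomically; the set name `blocked`, the sample networks, and the Shorewall rule in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Set name and sample data are constructed.
# Converts a country zone file (one IPv4 CIDR per line) into "ipset restore"
# input that fills a scratch set and swaps it in, so the live set is never empty.

zone_to_restore() {   # usage: zone_to_restore SETNAME < zonefile
    awk -v set="$1" '
        function valid(net,    p, n, i) {
            if (net !~ "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]+)?$") return 0
            n = split(net, p, "[./]")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            return (n == 4 || p[5] + 0 <= 32)
        }
        BEGIN { print "create " set "-new hash:net family inet"
                print "flush " set "-new" }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments, whitespace
        $0 == "" { next }
        !valid($0) { print "skipped line " NR ": " $0 > "/dev/stderr"; next }
        !seen[$0]++ { print "add " set "-new " $0 }  # de-duplicate
        END { print "create " set " hash:net family inet"
              print "swap " set "-new " set
              print "destroy " set "-new" }
    '
}

# Constructed sample: RFC 5737 documentation ranges, not real country data.
sample_zone() {
    cat <<'EOF'
# constructed zone file
192.0.2.0/24
198.51.100.0/25
198.51.100.0/25
203.0.113.7
not-a-network
300.1.2.0/24
EOF
}

sample_zone | zone_to_restore blocked

# To load (as root):  zone_to_restore blocked < zonefile | ipset -exist restore
# Assumed /etc/shorewall/rules entry that references the set:
#   DROP    net:+blocked    $FW    udp    27845
```

Malformed lines are reported on stderr and left out of the set, so a truncated or tampered download cannot inject arbitrary `ipset` commands into the restore stream.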
On Fri, Jan 06, 2012 at 08:27:16AM -0500, Hill, John wrote:

>
> I block only port 25 access this way. It is a bit low tech but my spam
> count has dropped quite a bit.
>

I use this approach:

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

I find it works very well.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com