de-peering for security sake
Stephen Satchell
list at satchell.net
Fri Dec 25 15:35:00 UTC 2015
On 12/25/2015 06:18 AM, Mike Hammett wrote:
> To the thread, not necessarily Daniel, if blocking
> countries\continents is a bad thing (not saying I disagree), how do
> you deal with the flood of trash? Just take it on the chin?
>
> The degree of splash damage by blocking this way will vary based
> upon what kind of network you are. Residential eyeballs? You could
> probably block most of a lot of things and people wouldn't notice
> or care, as long as it wasn't Google, Facebook, Netflix, etc.
In my networks, different users have different requirements. So I have
to be careful in my ACLs to allow what they need, while reducing access
by those who view the Internet as a sewer, and not as a privilege. (Used
to be a BOFH in the NSF days.)

So my blocking list has grown, as I have identified bad actors from the
information in my logs. Keeping in mind that people with one bad habit
will most likely have other bad habits as well, I keep it simple: if you
don't play nice, you are blocked at the demarc.

For the majority of my users, I provide access behind a router with
the block list shown below. For those customers who want an unblocked
feed, I provide that by having the edge bypass the filtering router. (No
one has asked yet for custom filters -- 1841s are cheap and easy, and
don't take much power.)

I don't intend to provide this list for others to use. I provide this
list as an example of how I exercise my right of Internet Freedom of
Association, and keep my own network safe from intruders. Abuse reports?
I've given up on them, frankly. My logs don't include enough
information for some admins, so they drop my reports without further
comment. When there is an admin listed.

The nice thing about IPTABLES is that I can pull a report, if I want to,
of which of these blocks are still generating traffic. As we go farther
down the IPv4-split road, I may just set up a database of the blocks,
and monitor the traffic to see which ones have gone silent and thus can
be removed. Or not -- that's a lot of work and time, both of which I
can direct to activities that bring in revenue.
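
The stale-block report the post describes, sketched as an added example (not code from the post): it compares two saved `iptables -L INPUT -n -v -x` listings and returns the DROP sources whose packet counters did not move between them. The chain name, the two listings and the function names are assumptions; the addresses are constructed from RFC 5737 documentation ranges.

```python
import ipaddress

# Constructed `iptables -L INPUT -n -v -x` listings taken some time apart.
# Sources are RFC 5737 documentation ranges, not entries from the post.
OLD = """\
Chain INPUT (policy ACCEPT 90210 packets, 7340032 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1500    90000 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
     312    18720 DROP       all  --  *      *       198.51.100.17        0.0.0.0/0
    8000   480000 DROP       all  --  *      *       203.0.113.0/24       0.0.0.0/0
   64000  5120000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
"""
NEW = """\
Chain INPUT (policy ACCEPT 95000 packets, 7730000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1725   103500 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
     312    18720 DROP       all  --  *      *       198.51.100.17        0.0.0.0/0
      40     2400 DROP       all  --  *      *       203.0.113.0/24       0.0.0.0/0
   70000  5600000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
"""

def parse_drop_counters(listing, target="DROP"):
    """Map each blocked source network to its packet count (-x gives exact integers)."""
    counters = {}
    for line in listing.splitlines():
        f = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination [match...]
        if len(f) < 9 or not f[0].isdigit() or f[2] != target or f[7].startswith("!"):
            continue
        # -n prints a single host without a prefix; ip_network() reads it as a /32.
        net = ipaddress.ip_network(f[7], strict=False)
        counters[net] = counters.get(net, 0) + int(f[0])  # sum duplicate rules
    return counters

def traffic_since(old, new):
    """Packets seen per block between snapshots, for blocks present in both."""
    delta = {}
    for net in old.keys() & new.keys():
        # A counter that went backwards was zeroed (reboot, rule re-added, -Z),
        # so everything it shows now arrived after the earlier snapshot.
        delta[net] = new[net] - old[net] if new[net] >= old[net] else new[net]
    return delta

def silent_blocks(old_listing, new_listing):
    """Blocks whose counters did not move: candidates for review, not automatic removal."""
    delta = traffic_since(parse_drop_counters(old_listing), parse_drop_counters(new_listing))
    return [str(net) for net in sorted(delta) if delta[net] == 0]

if __name__ == "__main__":
    print(silent_blocks(OLD, NEW))
```

A block that is silent over one interval may only be quiet for now, so the interval between snapshots should be long enough to cover the kind of abuse the rule was added for.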