Thousands of ssh probes
Erik Norgaard
norgaard at locolomo.org
Mon Mar 8 22:11:48 UTC 2010
On 08/03/10 18:56, Jason Garrett wrote:
>> Much better, restrict the client access to certain ranges of IPs. The
>> different registries publish ip ranges assigned per country and you can
>> create a list blocking countries you are certain not to visit, you can use
>> my script:
>>
>> http://www.locolomo.org/pub/src/toolbox/inet.pl
>>
> Great script! Just one question. Where do you put the list of denied ip
> ranges?
The output is written to be used with packet filter; if you use some
other firewall you may need to edit the script. If you use packet filter,
then you can dump the list into a file and create tables like this:
table <blacklist> persist file "/etc/blacklist"
block in quick from <blacklist>
I use blacklisting for mail while I use whitelisting for ssh.
You should know the limits of the script: the problem is that some
ranges have been assigned directly by IANA, particularly for the US. These
are not included. The list is limited, as these are all /8 chunks; you
can find it here:
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
These ranges are managed by private organisations and assigned as they
see fit.
There is another thing I'd like to filter by: I'd like to eliminate
dynamic ranges, particularly for mail. It's been recommended that
reverse lookup resolves to something like dyn.example.com or
dynamic.example.com, but there is no registry where you can simply look
it up.
BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
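Added example (not Erik's inet.pl and not part of the original thread): the steps above, turning registry country data into a pf table file, in Python. It assumes the public RIR "delegated" file format (pipe-separated fields registry|cc|type|start|value|date|status) and converts each start-address plus address-count record into CIDR blocks, which is what a pf table file expects. The sample delegated lines are constructed for the example, with "XX" as a placeholder country code for the ranges to block; the table name and file path are the ones quoted in the mail.

```python
import ipaddress
from typing import Iterable, List, Set

# Constructed sample in the RIR delegated format; these allocations are
# made up for the example (documentation prefixes), not real registry data.
SAMPLE_DELEGATED = """\
# header and summary lines are skipped by the parser
2|ripencc|20100308|3|19920101|20100307|+0000
ripencc|*|ipv4|*|123|summary
ripencc|ES|ipv4|192.0.2.0|256|19990101|allocated
ripencc|ES|ipv4|198.51.100.0|768|20000101|assigned
apnic|XX|ipv4|203.0.113.0|256|20010101|allocated
ripencc|DE|ipv6|2001:db8::|32|20020101|allocated
"""


def ranges_for_countries(delegated_text: str, countries: Set[str]) -> List[str]:
    """Return the IPv4 ranges assigned to the given country codes as CIDR strings.

    Each delegated record gives a start address and a count; counts that are
    not a power of two (768 above) are split into several CIDR blocks.
    """
    cidrs: List[str] = []
    for raw in delegated_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        # Version header and per-registry summary lines have a different shape.
        if len(fields) < 7 or fields[2] != "ipv4" or fields[3] == "*":
            continue
        registry, cc, _type, start, value = fields[:5]
        if cc not in countries:
            continue
        try:
            first = ipaddress.IPv4Address(start)
            count = int(value)
        except ValueError:
            continue  # malformed record: skip rather than emit a wrong range
        if count <= 0:
            continue
        last = ipaddress.IPv4Address(int(first) + count - 1)
        for net in ipaddress.summarize_address_range(first, last):
            cidrs.append(str(net))
    return cidrs


def pf_table_file(cidrs: Iterable[str]) -> str:
    """Render one range per line, the format pf reads with 'persist file'."""
    return "".join(f"{cidr}\n" for cidr in cidrs)


def pf_rules(table: str, path: str) -> str:
    """Render the table declaration and block rule quoted in the mail."""
    return (
        f'table <{table}> persist file "{path}"\n'
        f"block in quick from <{table}>\n"
    )


if __name__ == "__main__":
    # Build the blacklist for the placeholder country "XX" and show both the
    # table file contents and the pf.conf lines that would load it.
    blocked = ranges_for_countries(SAMPLE_DELEGATED, {"XX"})
    print("/etc/blacklist would contain:")
    print(pf_table_file(blocked), end="")
    print("pf.conf lines:")
    print(pf_rules("blacklist", "/etc/blacklist"), end="")
```

After writing the output to /etc/blacklist, the table is loaded with the pf.conf lines from `pf_rules`; a later refresh of the file takes effect with `pfctl -t blacklist -T replace -f /etc/blacklist`. As the mail notes, legacy /8 blocks assigned directly by IANA are not in the registry files, so they have to be appended by hand if you want them in the table.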