-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jack --- Frank Wiles wrote:
On Sun, 1 May 2005 20:27:02 -0700 (PDT) Jack [email protected] wrote:
Just to add to what Dave said...
I have a production server that is fairly low end hardware that currently has 2952 iptables rules that block individual IPs, several /24 networks, and a handful of /16s. There is no noticeble impact on the box.
Wow! That's great news! Ok, so the plan looks rto be to add the ipaddresses to iptables and change the port for sshd. Other ports are being probed and attacked, but not as frequently and not nearly as aggressively. I'll modify my blacklist gathering script to automatically add the new addresses to iptables and send me an email listing the new addresses.
That would be a nice thing to post for the rest of us to look at. The script that is. And I what do you guys recommend for a group of Ips for default block, such as the Korean and Chinese blocks, or a site that lists recommendations like this. Is mapsrbl still active and valid?
On Mon, 2 May 2005 10:29:20 -0500 "Kelsay, Brian - Kansas City, MO" [email protected] wrote:
That would be a nice thing to post for the rest of us to look at. The script that is. And I what do you guys recommend for a group of Ips for default block, such as the Korean and Chinese blocks, or a site that lists recommendations like this. Is mapsrbl still active and valid?
MAPS RBL is active and valid, but it's a pay service. I would recommend using the SpamHaus RBL and the orbd.org ones.
As for a list of IPs by country, here is a good site for you:
--------------------------------- Frank Wiles [email protected] http://www.wiles.org ---------------------------------
-
Frank Wiles -
Kelsay, Brian - Kansas City, MO