Login attacks

Rick Stevens rstevens at vitalstream.com
Thu Dec 9 00:28:05 UTC 2004


Kostas Sfakiotakis wrote:
> Greetings,
> 
> Jeff Kinz wrote:
> 
>> On Tue, Dec 07, 2004 at 08:47:02PM -0600, Mike Klinke wrote:
>>
>>> On Tuesday 07 December 2004 20:04, Rick Stevens wrote:
>>>
>>>> Whoa, buddy.  The entire 64.0.0.0/8 is NOT a spam source.  We
>>>> have a /19 in that space and we're not spammers.
>>>
>>>
>>>
>>> Rick, note he said /24 (256 nodes) not /8 (16+ million nodes)
>>
>>
>>
>> Ah snarf. And I did the same thing.
> 
> 
> Even if it is the 256 nodes and not the 16+ million, I think there is
> a question that needs an answer. How far can someone go without
> actually blocking normal traffic?
> All I mean is that if someone just starts blocking entire ranges, then
> he might very well end up unable to surf half the Internet or even more.
> Is there a way to block, for example, the range from
> 64.0.0.1 to 64.0.0.25, leaving the other IPs free?

You can set up your iptables to block any number of IPs.  Just choose
your netmask carefully.  To block 26 IPs that you mentioned, use
a 64.0.0.0/29 netmask to kill the first 24 IPs, and use 64.0.0.24/31
to block the last two, e.g.:

	-A INPUT -s 64.0.0.0/29 -p tcp -m tcp -j DROP
	-A INPUT -s 64.0.0.24/31 -p tcp -m tcp -j DROP

(I think those are right...it's off the top of my head).  The problem is
that the viruses are so darned common on Windows machines that you'll have
a bloody huge config file if you try to keep up with the various
attacks.

Using conntrack and other modules in iptables, setting your default
incoming policy to DROP, using the module's features (such as
"--ctstate RELATED") and putting specific "-j ACCEPT" rules in the
configuration for things you _want_ to accept is a much better way to
block this kind of crud.

Personally, I think Microsoft should pay all of us a stipend for coming
up with rules that block crap their stupid OS puts out.  I don't think
$100 US per rule per system is out of line (let's see, that'd be about
$50,000 US for me).  Maybe then they'd fix that POS operating system.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-    Working with Linux is like wrestling with a worthy opponent.    -
-   Working with Windows is like picking on an annoyed child with a  -
-                            loaded handgun.                         -
----------------------------------------------------------------------
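
The range asked about in this thread (64.0.0.1 to 64.0.0.25) split into exact netmask blocks, as an added example that is not part of the original message: a /29 matches 8 addresses and a /31 matches 2, so covering the range exactly takes six blocks. The function names and the comparison against the two rules quoted in the message are this example's own.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks that covers first..last inclusive."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's alignment
        # (its trailing zero bits) allows...
        align = (lo & -lo).bit_length() - 1 if lo else 32
        # ...and no larger than the number of addresses still to cover.
        fit = (hi - lo + 1).bit_length() - 1
        bits = min(align, fit)
        blocks.append(ipaddress.IPv4Network((lo, 32 - bits)))
        lo += 1 << bits
    return blocks

def addresses(cidrs):
    """Set of every address matched by a list of CIDR strings or networks."""
    out = set()
    for c in cidrs:
        out.update(ipaddress.ip_network(str(c)))
    return out

def drop_rules(cidrs, chain="INPUT"):
    """Render the blocks in the iptables-save rule form used in the message."""
    return [f"-A {chain} -s {c} -p tcp -m tcp -j DROP" for c in cidrs]

if __name__ == "__main__":
    wanted = range_to_cidrs("64.0.0.1", "64.0.0.25")
    print("\n".join(drop_rules(wanted)))
    # Compare with the two source blocks quoted in the message.
    posted = addresses(["64.0.0.0/29", "64.0.0.24/31"])
    missed = sorted(addresses(wanted) - posted)
    print(f"# two-rule version matches {len(posted)} addresses, "
          f"misses {len(missed)} of the range")
```

The same function handles any start and end address, which makes it easy to check a blocklist entry before it goes into the ruleset and confirm it matches only the addresses intended.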




More information about the fedora-list mailing list