[OZAPRS] Re: [radio] Firewalls, Pinholes and Blocked IP's
Alex Colquitt
alex at bywong.com
Thu Apr 28 15:33:28 EST 2005
This will probably work better in plain text...
Yes, well Hamish, Darryl, Chris,
I'm sure there'll be a lot of holes in the following and probably a lot
of reasons to change my evil ways, but this system works for me.
As I've always felt nobody outside of my network has a right to poke
around my ports, they'll stay blocked. I leave forwarding access to the
information servers on my DMZ open, as I do for the LaBrea tarpit I run
for those insidious Gnutella and Kazaa scanners. Outbound is open on
selected ports so there's no problem with my users accessing the rest of
the world. If it isn't work related... they shouldn't be there. Right?
The logs show multiple port access from multiple source ports from the
same machines/subnets, so I'd say those are the results of a lot of Trojan
and worm traffic coming from nodes on 202, 218, 81, etc. It's easier for
me to block the subnet and pinhole 202 users who have a genuine need for
access or if I get a complaint from one of my users who's having trouble
accessing a site. As soon as I blocked 202 and 81, the inbound traffic
dropped by 35% which, of course, freed up bandwidth for my outbound
users...
Yes Chris, I used to have huge lists of specific blocked IP addresses
which I updated to the firewall on a daily basis. And whois gets a
good beating too.
Too hard. It took too much time out of the day. Now, at the very most, I
do a xxx.xxx.0.0/16 block and let the rest through. Believe me, it's
easier to open the one-off address than maintaining long lists of
blocked IP addresses. Also, I'll agree that ISC is a good resource,
but it doesn't reflect the traffic sources I see here.
As for APRS, all access is via RF.... The best firewall is air :-)
And Darryl... 20.30 is very accessible from my network. Your blog read
well. What aircraft do you have? (Hmm, off topic, sorry)
Cheers,
Alex -VK1AC
ozaprs-request at marconi.ics.mq.edu.au wrote:
>Message: 3
>Date: Wed, 27 Apr 2005 14:32:26 +1000
>From: Hamish Moffatt <hamish at cloud.net.au>
>Subject: Re: [OZAPRS] Re: 202 Subnet
>To: ozaprs at marconi.ics.mq.edu.au
>Message-ID: <20050427043226.GA28049 at cloud.net.au>
>Content-Type: text/plain; charset=us-ascii
>
>On Wed, Apr 27, 2005 at 02:21:38PM +1000, Alex Colquitt wrote:
>
>>Yep, 202 covers India too. I've just blocked the whole subnet at my
>>firewall.
>>They generate most of the net traffic in these parts.
>
>202 & 203 can be all over Asia including Australia.
>If you block all of 202 you will be blocking Australians.
>
>Hamish
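The "block the /16, pinhole the one-off host" policy Alex describes, and Hamish's overblocking caveat, as an added worked example (not code from the list or from anyone's firewall): a first-match rule evaluator where the pinholes sit above the broad block, plus a check for which known-good hosts a proposed block would swallow. All addresses and networks below are constructed for illustration.

```python
"""First-match evaluation of an ordered packet-filter chain: host pinholes
first, then broad /16 blocks, then a default. Added example; the networks
and hosts are constructed, not taken from any real firewall or log."""
import ipaddress
from typing import List, Tuple

# A rule is (action, network). Rules are checked top to bottom and the
# first match wins, as in a typical packet-filter chain.
Rule = Tuple[str, ipaddress.IPv4Network]


def build_rules(pinholes: List[str], blocked: List[str]) -> List[Rule]:
    """Pinholes (single hosts with a genuine need) must precede the broad
    blocks; if the /16 drop came first the pinhole would never be reached."""
    rules: List[Rule] = [("accept", ipaddress.ip_network(h + "/32")) for h in pinholes]
    rules += [("drop", ipaddress.ip_network(n)) for n in blocked]
    return rules


def verdict(src: str, rules: List[Rule], default: str = "accept") -> str:
    """Return the action applied to a packet from `src` under `rules`."""
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr in net:
            return action
    return default


def overblocked(network: str, known_good: List[str]) -> List[str]:
    """Sanity check before adding a broad block: which hosts we already know
    we want to hear from (the Australians in Hamish's point) fall inside it?"""
    net = ipaddress.ip_network(network)
    return [h for h in known_good if ipaddress.ip_address(h) in net]


if __name__ == "__main__":
    # Constructed policy: drop one /16, but pinhole a single host inside it.
    chain = build_rules(pinholes=["198.51.100.7"], blocked=["198.51.0.0/16"])
    for src in ("198.51.100.7", "198.51.4.9", "192.0.2.1"):
        print(src, "->", verdict(src, chain))
    # Same rules in the wrong order: the pinhole is shadowed by the block.
    print("shadowed pinhole ->", verdict("198.51.100.7", list(reversed(chain))))
    print("would be overblocked:", overblocked("198.51.0.0/16", ["198.51.200.1", "192.0.2.5"]))
```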
_______________________________________________
ozaprs mailing list
ozaprs at marconi.ics.mq.edu.au
http://marconi.ics.mq.edu.au/cgi-bin/mailman/listinfo/ozaprs