[OZAPRS] Re: [radio] Firewalls, Pinholes and Blocked IP's

Alex Colquitt alex at bywong.com
Thu Apr 28 15:33:28 EST 2005


This will probably work better in plain text...


Yes, well Hamish, Darryl, Chris,

I'm sure there'll be a lot of holes in the following and probably a lot 
of reasons to change my evil ways, but this system works for me.

As I've always felt nobody outside of my network has a right to poke 
around my ports, they'll stay blocked.  I leave forwarding access to the 
information servers on my DMZ open, as I do for the LaBrea tarpit I run 
for those insidious Gnutella and Kazaa scanners.  Outbound is open on 
selected ports so there's no problem with my users accessing the rest of 
the world. If it isn't work related... they shouldn't be there. Right? 

The logs show multiple port access from multiple source ports from the 
same machines/subnets, so I'd say those are the results of a lot of Trojan 
and worm traffic coming from nodes on 202, 218, 81, etc. It's easier for 
me to block the subnet and pinhole 202 users who have a genuine need for 
access or if I get a complaint from one of my users who's having trouble 
accessing a site.  As soon as I blocked 202 and 81, the inbound traffic 
dropped by 35% which, of course, freed up bandwidth for my outbound 
users...

Yes Chris, I used to have huge lists of specific blocked IP addresses 
which I updated to the firewall on a daily basis...  And whois gets a 
good beating too.

Too hard... took too much time out of the day.  Now, at the very most, I 
do a xxx.xxx.0.0/16 block and let the rest through.  Believe me, it's 
easier to open the one-off address than maintaining long lists of 
blocked IP addresses.  Also, I'll agree that ISC is a good resource, 
but it doesn't reflect the traffic sources I see here.

As for APRS, all access is via RF....  The best firewall is air :-)

And Darryl... 20.30 is very accessible from my network... Your blog read 
well... What aircraft do you have?  (Hmm, off topic, sorry)

Cheers,

Alex -VK1AC

ozaprs-request at marconi.ics.mq.edu.au wrote:

>
>
>------------------------------
>
>Message: 3
>Date: Wed, 27 Apr 2005 14:32:26 +1000
>From: Hamish Moffatt <hamish at cloud.net.au>
>Subject: Re: [OZAPRS] Re: 202 Subnet
>To: ozaprs at marconi.ics.mq.edu.au
>Message-ID: <20050427043226.GA28049 at cloud.net.au>
>Content-Type: text/plain; charset=us-ascii
>
>On Wed, Apr 27, 2005 at 02:21:38PM +1000, Alex Colquitt wrote:
>  
>
>>Yep, 202 covers India too. I've just blocked the whole subnet at my 
>>firewall.
>>They generate most of the net traffic in these parts.
>>    
>>
>
>202 & 203 can be all over Asia including Australia.
>If you block all of 202 you will be blocking Australians.
>
>Hamish
>  
>
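The "block the /16, pinhole the one-offs" policy Alex describes, plus the log aggregation behind it, as an added example (not code from the list or either poster). The block ranges, pinhole ranges and log lines are constructed for illustration; the pinholed 202.x host shows Hamish's point that a broad block also catches legitimate hosts unless they are explicitly exempted.

```python
import ipaddress
from collections import defaultdict

# Constructed block list, in the spirit of "block 202, 81 and 218 wholesale".
BLOCKED = [ipaddress.ip_network(n) for n in ("202.0.0.0/8", "81.0.0.0/8", "218.0.0.0/8")]
# Constructed pinholes: hosts with a genuine need that override the block.
PINHOLES = [ipaddress.ip_network(n) for n in ("202.0.2.0/24", "81.2.3.4/32")]

def is_blocked(src):
    """True if src is denied: a matching pinhole (more specific) wins over a block range."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in PINHOLES):
        return False
    return any(ip in net for net in BLOCKED)

# Constructed firewall log lines, "src_ip:src_port -> dst_port". One host hitting
# many destination ports from many source ports is the worm/Trojan pattern Alex cites.
LOG = """\
202.0.5.7:1034 -> 135
202.0.5.7:1035 -> 445
202.0.5.7:1036 -> 1433
202.0.9.9:2201 -> 445
218.1.1.1:4000 -> 80
81.2.3.4:5555 -> 443
""".splitlines()

def scan_summary(lines):
    """Group hits by source /16: how many distinct hosts, which destination ports."""
    by_net = defaultdict(lambda: {"hosts": set(), "dst_ports": set()})
    for line in lines:
        src, _, dst_port = line.partition(" -> ")
        ip = ipaddress.ip_address(src.split(":")[0])
        net = ipaddress.ip_network(f"{ip}/16", strict=False)  # collapse host to its /16
        by_net[str(net)]["hosts"].add(str(ip))
        by_net[str(net)]["dst_ports"].add(int(dst_port))
    return {n: {"hosts": len(v["hosts"]), "dst_ports": sorted(v["dst_ports"])}
            for n, v in by_net.items()}

def candidate_blocks(lines, min_ports=2):
    """/16s whose hosts probed at least min_ports distinct destination ports."""
    return sorted(n for n, v in scan_summary(lines).items() if len(v["dst_ports"]) >= min_ports)

if __name__ == "__main__":
    for net, info in scan_summary(LOG).items():
        print(net, info)
    print("candidate /16 blocks:", candidate_blocks(LOG))
    print("202.0.2.10 blocked?", is_blocked("202.0.2.10"))  # pinholed, so False
    print("202.0.5.7 blocked?", is_blocked("202.0.5.7"))    # caught by the /8 block
```

Raising `min_ports` is the knob between a few noisy scanners and a whole /16 worth of mostly innocent hosts.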
_______________________________________________
ozaprs mailing list
ozaprs at marconi.ics.mq.edu.au
http://marconi.ics.mq.edu.au/cgi-bin/mailman/listinfo/ozaprs
