From owner-freebsd-questions@FreeBSD.ORG Wed Aug 24 11:50:26 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80FE716A41F for ; Wed, 24 Aug 2005 11:50:26 +0000 (GMT) (envelope-from hornetmadness@gmail.com) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.192]) by mx1.FreeBSD.org (Postfix) with ESMTP id E550B43D60 for ; Wed, 24 Aug 2005 11:50:13 +0000 (GMT) (envelope-from hornetmadness@gmail.com) Received: by rproxy.gmail.com with SMTP id 34so46677rns for ; Wed, 24 Aug 2005 04:50:13 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pN5jCqBnmIZPAq6M1x53PPhiDSet5R6cnbOn1a1EG0UQnoZ1sWeexrGzBCCngxXkKxw/Fi4OpeMBNcH33+abibANDxk1xeoJ3t62jAJnDlKR6hnmue0rk3fLwx9nHld2owNRgHDSAJe3KgDGk19mgbv9ncpCLObCbJm/mjoJ4CE= Received: by 10.38.8.15 with SMTP id 15mr26442rnh; Wed, 24 Aug 2005 04:50:13 -0700 (PDT) Received: by 10.38.8.23 with HTTP; Wed, 24 Aug 2005 04:50:13 -0700 (PDT) Message-ID: Date: Wed, 24 Aug 2005 07:50:13 -0400 From: Hornet To: Michael Dale In-Reply-To: <430C5CAC.4050705@dalegroup.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20050824042234.12260.qmail@web34103.mail.mud.yahoo.com> <430C5CAC.4050705@dalegroup.net> Cc: FreeBSD Questions Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Aug 2005 11:50:26 -0000 On 8/24/05, Michael Dale wrote: >=20 > >Also, most if not all of the blocks below are Asia netblocks that I > >have had more then 3 attempts to gain access to my servers. > > > >220.0.0.0/8 > >202.0.0.0/7 > >134.208.0.0/16 > >218.0.0.0/8 > >210.0.0.0/7 > >221.0.0.0/8 > >219.0.0.0/8 > >195.116.0.0/16 > >59.0.0.0/8 > >195.133.91.0/24 > >222.0.0.0/8 > > > > > > > Not always a good idea. A lot of Australian users have been having > issues because of people doing this. More info here: > http://forums.whirlpool.net.au/forum-replies.cfm?t=3D324246#r2 >=20 >=20 You are right, its not a good idea, but when they attempt access I email the logs and and a nice email (NOT a 3 page complaint followed by demands and treat of legal recourse (I work at a large ISP so I know)) I get no where, those ISP's are leave me no other choice. I should also state that I remove the netblocks from my blackhole list about every 3 months, but the same blocks always end up back on the list. -Erik-