From owner-freebsd-security Wed Apr 25 5:30:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from caerulus.cerintha.com (caerulus.cerintha.com [207.18.92.26])
	by hub.freebsd.org (Postfix) with ESMTP id C8D5937B422
	for ; Wed, 25 Apr 2001 05:30:29 -0700 (PDT)
	(envelope-from scheidell@Cerintha.com)
Received: (from scheidell@localhost)
	by caerulus.cerintha.com (8.11.3/8.11.3) id f3PC4cw22343;
	Wed, 25 Apr 2001 08:04:38 -0400 (EDT)
Date: Wed, 25 Apr 2001 08:04:38 -0400 (EDT)
From: Michael S Scheidell
Message-Id: <200104251204.f3PC4cw22343@caerulus.cerintha.com>
To: freebsd-security@freebsd.org
Subject: Re: Re[2]: Connection attempts
In-Reply-To: <7432.010421@kechara.net>
References: <7432.010421@kechara.net>
Reply-To: scheidell@fdma.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> You should see my intrusion database... 93% from Korea, Taiwan and
> the likes. The rest from interesting places such as Hungary. There
> is never any response from ISPs. Solution a) grin and bear it (is
> that really a solution though?). Solution b) actively firewall
> connections from these places (blanket bans are never a great idea
> though.)

mynetwatchman has contacts in Korea. There is a 'cert' web site there
(I forget the link), but he has contacts at Kornet, and they host many of
the schools (where the systems are mostly located).

>
> Solution c) anyone?

Firewall China at least. Kills spam and, if you use stealth mode,
harasses spammers, all in one step.

#china:
$fwcmd add deny ip from 61.128.0.0/16 to any in via $oif
$fwcmd add deny ip from 202.96.0.0/16 to any in via $oif
$fwcmd add deny ip from 202.107.0.0/16 to any in via $oif
$fwcmd add deny ip from 211.96.0.0/21 to any in via $oif
$fwcmd add deny ip from 211.88.0.0/21 to any in via $oif
$fwcmd add deny ip from 210.72.0.0/22 to any in via $oif
$fwcmd add deny ip from 159.226.0.0/16 to any in via $oif
# redundant: already covered by 61.128.0.0/16 above
$fwcmd add deny ip from 61.128.0.0/18 to any in via $oif
$fwcmd add deny ip from 202.64.0.0/18 to any in via $oif
$fwcmd add deny ip from 210.14.192.0/18 to any in via $oif
$fwcmd add deny ip from 203.93.0.0/16 to any in via $oif
# 166.111.0.0 is not on a /15 boundary; the enclosing /15 is 166.110.0.0/15
$fwcmd add deny ip from 166.111.0.0/15 to any in via $oif
#HK:
# 203.168.128.0 - 203.168.159.255
# (that range is exactly 203.168.128.0/19; the /17 below extends to 203.168.255.255)
$fwcmd add deny ip from 203.168.128.0/17 to any in via $oif
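
Added example (not part of the original message): a small audit of the deny list above that flags prefixes whose address is not on the stated mask boundary, prefixes already covered by a wider rule, and a rule that is wider than the range its comment documents. The function names are made up for this illustration; the rule lines are copied from the message.

```python
import ipaddress
import re

# Rule lines copied from the message above (comment lines left out).
RULES = """\
$fwcmd add deny ip from 61.128.0.0/16 to any in via $oif
$fwcmd add deny ip from 202.96.0.0/16 to any in via $oif
$fwcmd add deny ip from 202.107.0.0/16 to any in via $oif
$fwcmd add deny ip from 211.96.0.0/21 to any in via $oif
$fwcmd add deny ip from 211.88.0.0/21 to any in via $oif
$fwcmd add deny ip from 210.72.0.0/22 to any in via $oif
$fwcmd add deny ip from 159.226.0.0/16 to any in via $oif
$fwcmd add deny ip from 61.128.0.0/18 to any in via $oif
$fwcmd add deny ip from 202.64.0.0/18 to any in via $oif
$fwcmd add deny ip from 210.14.192.0/18 to any in via $oif
$fwcmd add deny ip from 203.93.0.0/16 to any in via $oif
$fwcmd add deny ip from 166.111.0.0/15 to any in via $oif
$fwcmd add deny ip from 203.168.128.0/17 to any in via $oif
"""
RULE_RE = re.compile(r"add\s+deny\s+ip\s+from\s+(\S+)\s+to\s+any")

def audit(text):
    """Flag prefixes with host bits set and prefixes covered by a wider rule."""
    findings, nets = [], []
    for written in RULE_RE.findall(text):
        net = ipaddress.ip_network(written, strict=False)  # masks host bits
        if str(net) != written:
            findings.append(("misaligned", written, str(net)))
        nets.append(net)
    for a in nets:
        for b in nets:
            if a != b and a.subnet_of(b):
                findings.append(("shadowed", str(a), str(b)))
    return findings

def range_to_cidrs(first, last):
    """Smallest CIDR list that covers exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def excess(rule, first, last):
    """Addresses a rule blocks beyond first..last (assumes the range lies inside the rule)."""
    exact = range_to_cidrs(first, last)
    return ipaddress.ip_network(rule).num_addresses - sum(n.num_addresses for n in exact)

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
    print(excess("203.168.128.0/17", "203.168.128.0", "203.168.159.255"))
```
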