Date: Sun, 11 Jun 2006 10:42:49 -0400 (EDT)
From: "Dan Mahoney, System Admin"
To: fbsd
Cc: questions@freebsd.org
Subject: RE: Deny large number of IPs via ipfw
Message-ID: <20060611103434.S1979@prime.gushi.org>

On Sun, 11 Jun 2006, fbsd wrote:

> Using such a list of IP addresses from a major rbl is flawed at the
> core of the idea.
> Over 85% of those 3 million IP addresses are spoofed in the first
> place.
> Most are what would be called false positives.
>
> Reread the info at the source cbl.abuseat.org it says the data is
> not intended to be used the way you are trying to use it.

All it says is:

"We're getting a lot of reports of spurious blocking caused by sites using the CBL to block authenticated access to smarthosts / outgoing mail servers. THE CBL is only designed to be used on INCOMING mail, i.e. on the hosts that your MX records point to."

Which I take to mean, yeah, if you're using it on sendmail, you allow SMTP AUTH to override blacklists (this is the case by default.)

Whereas my intention would be to use it to block ports such as 80 and 22. Every system I've found trying to brute-force SSH on my box has already been in this database, and by using mod_access_rbl for apache I was able to catch and block a dozen or so attempts to post spammish content to guestbooks and the like (but I'd like to do this without the overhead of apache DNS lookups).

Thanks for your input, though.

-Dan

>
> You really need to rethink what you are doing.
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Dan
> Mahoney,
> System Admin
> Sent: Sunday, June 11, 2006 8:36 AM
> To: questions@freebsd.org
> Subject: Deny large number of IPs via ipfw
>
>
> Hey all,
>
> I've got a file that I just synced from a major RBL, and I'd like to
> just
> use it to globally deny access to my system. Is there an easy way
> to do
> this within ipfw -- the file is about 3 *million* lines, and is from
> cbl.abuseat.org.
>
> -Dan
>
> --
>
> "SOY BOMB!"
>
> -The Chest of the nameless streaker of the 1998 Grammy Awards' Bob
> Dylan
> Performance.
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------
>

--

"I am a professional drinker, and I know that that was NOT Jose Cuervo!"

"Well, what was it then?"

"I think it was some mixture of Rubbing Alcohol, and Desenex(TM) Foot Powder, because my feet feel okay, and my back doesn't hurt, but my stomach is killing me!"

-Dan Mahoney, Costa Rica, August 12th, 1994

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------