What firewall software do you use? I like to use iptables for my packet filtering needs. I maintain a list of ip addresses that have either earned their way onto that list by scanning me or by finding good blockable ip address lists online. I found such a list from a Phrack article the other day and I set about adding those addresses to my list.
My firewall consists of a bash script that adds the ip addresses to my drop list. The format for the rule is:
/sbin/iptables -I INPUT -s $IPADDRESS -j DROP
What this accomplishes is that if a packet originates from the source (-s) ip address destined for my computer, it will be dropped, no questions asked. This rule is only invoked if the outside computer attempts to initiate a connection with me. If I establish a connection with them, I am allowed to do it.
The ip addresses in the article are not summarized, that is, they are not in an easy notation for adding to my iptables file. For example, our friends over at the Defense Intelligence Agency have ip addresses in the range of 144.236.0.0 through 144.242.255.255. This equates to 144.236.0.0/14, 144.240.0.0/15, and 144.242.0.0/16.
I maintain my banned ip address list as a list of ip addresses, arranged as 1 ip address per line. I like to convert the list of ip addresses into a portable shell script that I can give to my friends so they can block the bad guys as well. This can be done on one line (depending on the size of window for your terminal) as shown here:
$ cat ip.lst | while read line; do echo "/sbin/iptables -I INPUT -s ${line} -j DROP"; done > out.sh
To make out.sh executable:
$ chmod a+x out.sh
and now the script can be run using root privileges. Enjoy.
2008-03-02
Subscribe to:
Posts (Atom)