Why you have hardware firewalls

Ah, but many routers today, the SOHO units that provide NAT protection, are routers, but are not set up as basic routers; they are set up for home users, so the distinction is needed. Linksys routers can be set up as a router and even block, but it would disable all the home-user easy functions and most home users would never be able to get to the internet at all.

Reply to
Leythos

I'm being slightly cryptic here - we don't need these sources abused. I suspect clued admins will have absolutely no difficulty using it.

ftp.afrinic.net ftp.arin.net ftp.ripe.net ftp.apnic.net ftp.lacnic.net

Rather useful files are below the 'pub/' or 'stats/' directory. You do need a moderate amount of manipulation to make the data useful, but it's not difficult. An example of one file is

[compton ~]$ head IP.ADDR/stats/delegated-lacnic-20050314
2|lacnic|20050315|2411|19700101|20050314|-0300
lacnic|*|ipv4|*|1460|summary
lacnic|*|ipv6|*|15|summary
lacnic|*|asn|*|936|summary
lacnic|CL|ipv4|24.152.0.0|32768|20000411|allocated
lacnic|AR|ipv4|24.232.0.0|65536|19970602|allocated
lacnic|TT|ipv4|64.28.128.0|4096|20000111|assigned
lacnic|AR|ipv4|66.60.0.0|16384|20001226|allocated
lacnic|CO|ipv4|66.128.32.0|4096|20010604|allocated
lacnic|CO|ipv4|66.231.64.0|4096|19870101|allocated
[compton ~]$

The fields (separated by a pipe) are RIR, country code, record type, starting address, number of addresses within the block (isn't CIDR wonderful), date the record was created, and status. Be prepared for some strange block sizes: they range from 8 (/29) up to 16777216 (/8), but there are also two hundred other sizes in between.

Old guy

Reply to
Moe Trin
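As an added example (not code from the thread or from any RIR), here is the "moderate amount of manipulation" the post refers to: parse the pipe-separated delegated-* records, turn each start address and address count into CIDR prefixes (a count that is not a power of two needs several), and group the result by country code so it can feed a deny list for unsolicited inbound traffic. The sample input copies the record layout shown above; its last line is a constructed record with a non-power-of-two size, and the ipset set name is an assumption.

```python
# Added example (not from the thread): parse RIR "delegated-*" statistics
# records, turn each (start address, address count) pair into CIDR prefixes,
# and group the prefixes by country code for use in a firewall deny list.
import ipaddress
from collections import defaultdict, namedtuple

Record = namedtuple("Record", "rir cc start count status")

# Constructed sample input. The first ten lines copy the layout shown in the
# post (version line, summary lines, then allocation records); the last line
# is an invented record with a non-power-of-two size to exercise splitting.
SAMPLE = """\
2|lacnic|20050315|2411|19700101|20050314|-0300
lacnic|*|ipv4|*|1460|summary
lacnic|*|ipv6|*|15|summary
lacnic|*|asn|*|936|summary
lacnic|CL|ipv4|24.152.0.0|32768|20000411|allocated
lacnic|AR|ipv4|24.232.0.0|65536|19970602|allocated
lacnic|TT|ipv4|64.28.128.0|4096|20000111|assigned
lacnic|AR|ipv4|66.60.0.0|16384|20001226|allocated
lacnic|CO|ipv4|66.128.32.0|4096|20010604|allocated
lacnic|CO|ipv4|66.231.64.0|4096|19870101|allocated
lacnic|BR|ipv4|200.0.8.0|6144|20010101|allocated
"""


def parse_records(text):
    """Yield IPv4 allocation/assignment records; skip version and summary lines."""
    for line in text.splitlines():
        fields = line.strip().split("|")
        # The version line has a date where the type belongs and summary
        # lines have only six fields, so both fall through this check.
        if len(fields) < 7 or fields[2] != "ipv4":
            continue
        rir, cc, _rtype, start, count, _date, status = fields[:7]
        yield Record(rir, cc, ipaddress.IPv4Address(start), int(count), status)


def record_to_prefixes(start, count):
    """Cover [start, start+count-1] with the fewest CIDR prefixes.

    RIR counts are not always powers of two, so one record may need several
    prefixes; summarize_address_range takes care of alignment for us.
    """
    last = start + count - 1
    return list(ipaddress.summarize_address_range(start, last))


def prefixes_by_country(text, countries=None):
    """Map country code -> collapsed list of prefixes, optionally filtered."""
    grouped = defaultdict(list)
    for rec in parse_records(text):
        if countries is not None and rec.cc not in countries:
            continue
        grouped[rec.cc].extend(record_to_prefixes(rec.start, rec.count))
    # Merge adjacent or overlapping prefixes so the deny list stays short.
    return {cc: list(ipaddress.collapse_addresses(nets)) for cc, nets in grouped.items()}


def render_ipset(setname, prefixes):
    """Render 'ipset restore' style lines (create + add) for the prefixes."""
    lines = [f"create {setname} hash:net"]
    lines.extend(f"add {setname} {net}" for net in prefixes)
    return lines


if __name__ == "__main__":
    for cc, nets in sorted(prefixes_by_country(SAMPLE).items()):
        print(cc, [str(n) for n in nets])
    print("\n".join(render_ipset("deny-ar", prefixes_by_country(SAMPLE, {"AR"})["AR"])))
```

The rendered set is meant to match unsolicited inbound traffic only (new connections to exposed services), exactly the distinction the thread keeps coming back to; it does nothing to replies for connections your own hosts opened.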

AFRINIC was split off from RIPE around 2 months ago

Reply to
Justins local account

You're saying that as if it was a bad thing!

Reply to
Arthur Hagen

Surely, for inbound non-return traffic one would block *everything* except what is explicitly defined?

Reply to
Arthur Hagen

As you know, a very standard rule of thumb is that if you are not offering a service, the port is closed. This also applies to countries or regions. If your company has no plans to offer their product/service to this or that place/entity, then not accepting a connection is a reasonable decision. Where my wife works, they sell product to the USA and Mexico, and to reduce the spam problem, the network admin has a quite restrictive set of firewall rules. Heck, I know he's even blocked two major ISPs in Canada.

But think about this again - my home network offers absolutely NO services to ANYONE. But the rules that deny all new incoming connections don't prevent me from hitting [link] (which for me, resolves to a CERFnet address in the USA) or [link] (211.72.249.196) or [link] (212.58.240.32) or [link], which is a nickname for [link] (212.58.240.111). I don't know what you might be using as a firewall, but surely it can block inbound packets with a SYN flag set and no ACK flag set. There really are several networks that my upstream has null-routed for us, but it's comparatively few, and they are there for extreme abuse.

Old guy

Reply to
Moe Trin

I have a Sonicwall TZ-170 firewall. Since I am just a home user I have it set to allow all connections initiated by me from the LAN, including return traffic, and drop all connections initiated from the WAN.

I am not running any servers here so I didn't need to allow for externally initiated connections. As I said the firewall is dropping the packets according to these rules so I am not affected. My only reason for complaining about the spamming is that it adds to net traffic.

Reply to
JC

Yeppers. That is SOP for network administration. Leythos is only correcting your presumed misinterpretation of the conversation in this thread. I have no problems getting to Asus or BBC with the list in place as the list only blocks unsolicited inbound traffic. If anybody from any RIPE or APNIC address were to attempt access to my exposed web server, they would be effectively blocked.

Reply to
MyndPhlyp

You are correct, but many people in this thread also run servers that provide public access, so the distinction of knowing a block-list by country is necessary. If none of us provided public services the list would not be needed, but some of us own several email servers, many web servers, many FTP servers, many other types of servers, that are accessible to the public for our friends/customers.

For a residential connection you don't need to permit ANY inbound and you should block outbound (to destination ports) 135~139, 445, 1433, 1434, 1026, 1027, and if you can, block 25 except to your ISP's mail server.

Reply to
Leythos
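Putting JC's description of his TZ-170 rules (allow what the LAN initiates plus its return traffic, drop what the WAN initiates) and Leythos' outbound port list into one small model, as an added example that is not code from the thread or from any firewall vendor: a connection-tracking filter that records LAN-initiated flows, lets their replies back in, drops WAN-initiated TCP (a SYN with no ACK) and anything else without matching state, refuses the listed outbound destination ports, and allows port 25 only to the ISP's mail server. The LAN range, the ISP mail server address and every address in the packet trace are constructed placeholders from documentation ranges.

```python
# Added example (not from the thread): a small connection-tracking model of
# the residential policy described in the posts above. LAN range, ISP mail
# server and all packet addresses are constructed placeholders.
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")              # assumed home LAN
ISP_MAIL_SERVER = ipaddress.ip_address("198.51.100.25")   # placeholder (TEST-NET-2)
# Outbound destination ports to refuse, per the post: 135-139, 445, 1433,
# 1434, 1026, 1027. Port 25 is handled separately (ISP mail server only).
BLOCKED_OUT_PORTS = set(range(135, 140)) | {445, 1433, 1434, 1026, 1027}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags such as {"SYN"}; empty for UDP


class Firewall:
    """Stateful filter: LAN-initiated flows and their replies pass, nothing else."""

    def __init__(self):
        self.flows = set()   # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def filter(self, pkt):
        """Return (verdict, reason) for one packet."""
        if ipaddress.ip_address(pkt.src) in LAN:
            return self._egress(pkt)
        return self._ingress(pkt)

    def _egress(self, pkt):
        if pkt.dport in BLOCKED_OUT_PORTS:
            return "DROP", f"outbound to blocked port {pkt.dport}"
        if pkt.proto == "tcp" and pkt.dport == 25 and ipaddress.ip_address(pkt.dst) != ISP_MAIL_SERVER:
            return "DROP", "SMTP only to the ISP mail server"
        # Remember the flow so its return traffic is recognised on the way in.
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT", "LAN-initiated"

    def _ingress(self, pkt):
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ACCEPT", "return traffic of a LAN-initiated flow"
        if pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags:
            return "DROP", "new connection attempt from the WAN"
        return "DROP", "unsolicited packet with no matching flow"


def run_trace(packets):
    """Run packets through a fresh Firewall and return the verdicts in order."""
    fw = Firewall()
    return [fw.filter(p)[0] for p in packets]


# Constructed packet trace (addresses from documentation ranges).
TRACE = [
    Packet("192.168.1.10", "203.0.113.80", "tcp", 40000, 80, frozenset({"SYN"})),          # LAN opens HTTP
    Packet("203.0.113.80", "192.168.1.10", "tcp", 80, 40000, frozenset({"SYN", "ACK"})),   # server reply
    Packet("198.51.100.7", "192.168.1.10", "tcp", 51515, 80, frozenset({"SYN"})),          # WAN probe
    Packet("192.168.1.10", "203.0.113.9", "tcp", 40001, 445, frozenset({"SYN"})),          # blocked port
    Packet("192.168.1.10", "203.0.113.25", "tcp", 40002, 25, frozenset({"SYN"})),          # SMTP elsewhere
    Packet("192.168.1.10", "198.51.100.25", "tcp", 40003, 25, frozenset({"SYN"})),         # SMTP to ISP
    Packet("203.0.113.80", "192.168.1.10", "tcp", 80, 40009, frozenset({"ACK"})),          # stray ACK
    Packet("192.168.1.10", "198.51.100.53", "udp", 50000, 53),                             # DNS query
    Packet("198.51.100.53", "192.168.1.10", "udp", 53, 50000),                             # DNS answer
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{verdict:6} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.proto}")
```

The SYN-without-ACK test is only a fallback for packets with no matching state; the flow table is what actually lets replies through, which is why the log on such a firewall fills up with dropped probes (the "static" discussed later in the thread) without any of them being a problem.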

Of course, most issues we get are from the Americas, so I'd advise blocking ARIN addresses

Reply to
Justins local account

That leaves me with ... uh, AFRINIC and LACNIC. Hmm. May as well block those too. No sense risking offending anybody, right? That means I may as well take down my port routing for the web server, cancel the DSL line, hang up the appliance firewall entirely and go back to dial-up. FORWARD INTO THE PAST!

Reply to
MyndPhlyp

If your firewall is working properly and your computer isn't misconfigured and your users are not brain-dead zombies who gladly enable everything and auto-click the OK button without reading the message, then yes, you could call this just static. Unfortunately, most of the users on the Internet are not so placed, and the "bad guys" have discovered that there is easy money to be made exploiting fools and others who really shouldn't be using anything as complicated as a digital watch.

You got that one right. Call the Grand Jury! There's some investigatin' to be done.

Old guy

Reply to
Moe Trin

JC wrote in news: snipped-for-privacy@4ax.com:

Isn't most of this stuff just harmless Internet static? I remember when I first started running Kerio, I was amazed at the amount of blocked junk that showed up in my log. After doing some research, and asking questions here, it seemed that most of it was just static.

Reply to
elaich

What on earth makes you think being on dial-up is going to protect you? Everyone knows that for any hope of security you need to disconnect all cables, insert into a lead-lined safe, encase in 5 feet of concrete, and drop into the mid-Atlantic trench.

Reply to
Justins local account

:::sigh::: Yer right. What the hell was I thinking. Okay, I'm disconnecting the power cable n..

Reply to
MyndPhlyp

JC do you have the IPS/GAV/Anti-spyware sub for your TZ170?


Reply to
Mark S

My ISP provided spam and virus filtering for me. I am not familiar with the sub you refer to particularly the IPS. I am assuming that GAV is the anti-virus protection.

BTW the rate of spam has slowed to alternating 16 then 22 minute intervals in the last 24 hours.

JC

Reply to
JC

"MyndPhlyp" wrote in news:7mw4e.4156$ snipped-for-privacy@newsread1.news.atl.earthlink.net:

What's the point of hosting a web presence if you are going to block out chunks of the internet? Attempts are fine as long as they are not getting in. It means you are securing properly.

Reply to
Darko Gavrilovic

What's the point of providing information to people that are not in the target audience?

What's the point of exposing more of the services than are necessary for the business?

What's the point of allowing entry by areas of the world that we don't do business with?

The answer to the above three questions is why we block those areas - there is no need to expose services to those users you are not targeting with your information.

Properly secured is a never-ending struggle; since no OS is perfectly secure and no service is perfectly secure, the less you expose the better.

Reply to
Leythos

I was running really late last night, and decided to order pizza to be picked up on the way home. There's a pizza joint about a half mile from the house that has a website you can order from, so off we go to http://www..com... hmmm, I didn't know they offered pr0n. Well, I know the phone should work. When I stopped to pick up the pizza, I found the owner, and mentioned his little problem. Sure enough, his windoze toy server had been 0wn3d again. I asked him who's doing his website (his son), and why the site is accepting connections from the entire world, but got the usual dumb stare. Yes, the idiot is too freakin' st00pid to be using a computer, but to compete, he has to have a web presence. It's a family-owned business that really does great pizza and other takeout, and can't afford to pay someone with clue to set up the web server and firewall. I think he also believes that every Internet address begins with the letters 'www' and ends with '.com'. Blocking major parts of the world is not going to affect his business in the slightest, but might reduce the chances of the site being 0wn3d again. Too bad he won't take the hint.

Old guy

Reply to
Moe Trin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.