LinkBack URL
About LinkBacksI am getting flooded out by some user on skynet.be, the IPs change to often to keep blocking them. Does anyone know how to block an entire ISP from accessing my server, either via IP tables or some other way? Thanks.
Blocking an ISP?
I am getting flooded out by some user on skynet.be, the IPs change to often to keep blocking them. Does anyone know how to block an entire ISP from accessing my server, either via IP tables or some other way? Thanks.
You need to locate their IP blocks in one of APNIC/ARIN/RIPE and then use their CIDR to drop the whole network using iptables.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
So if I were to block each one of them how would it be done?
I found the IPs i need to ban on htp://www.fixedorbit.com/cgi-bin/cgirange.exe?ASN=5432. Using the first one listed as an example, how would be the correct format to ban the ip and all its ranges.
62.4.128.0 start IP
62.4.255.255 end IP
/sbin/iptables -I INPUT -s 62.4.128.0/255 -j DROP
Is that correct? Or does the format need to be different to cover that entire range
Not /255, here's a nifty page explaining CIDR:
http://public.pacbell.net/dedicated/cidr.html
Other than that, your command looks good.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
A class C would be/sbin/iptables -I INPUT -s 62.4.128.0/255 -j DROP
/sbin/iptables -I INPUT -s 62.4.128.0/24 -j DROP
Reply With Quote