Donovan's block list

Post by Donovan Ready » Sat Jun 30, 2018 1:25 pm

This is in iptables format, so massage if necessary.

I get sort of draconian in my implementation: If someone from a country that doesn't speak English attacks, I block the entire subnet. Screw 'em.

Attachment: blocklist.txt (595.43 KiB)


Interesting are some. Diego Garcia, really?
Donovan Ready
 
Posts: 239
Joined: Thu Apr 17, 2014 1:22 pm
Location: Austin, Texas

Re: Donovan's block list

Post by Donovan Ready » Sat Jun 30, 2018 1:59 pm

And just for giggles, here's my sites-enabled file for Apache:

Attachment: 000-default.txt (24.68 KiB)
Donovan Ready
 
Posts: 239
Joined: Thu Apr 17, 2014 1:22 pm
Location: Austin, Texas

Re: Donovan's block list

Post by Donovan Ready » Sat Jun 30, 2018 3:47 pm

Here's an update for you, and the tale of corruption.

Code:
0     0 DROP       tcp  --  *      *       54.38.0.0/16         0.0.0.0/0           tcp /* OVH-Amazon-NSA */


It resolves to France, therefore OVH is correct, but Amazon owns almost all the 54.0.0.0 range. It comes up in some searches as Merck, which is bullshit. I don't know when they went tits-up for the spies, but when and if you get a hack attempt resolving to an address in that range, you can damned well make money on the bet that it originated from "somewhere in Northern Virginia".

Simpleminded crap, as usual.
Donovan Ready
 
Posts: 239
Joined: Thu Apr 17, 2014 1:22 pm
Location: Austin, Texas
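
The listing line in the post above is `iptables -L -n -v` output, which cannot be loaded back as-is. As an added example (not part of the original thread or the attached file), this Python code converts such a listing into `ipset restore` input, merging overlapping subnets and rejecting malformed or catch-all sources; the set name `blocklist` and every sample row except 54.38.0.0/16 are constructed.

```python
import ipaddress
import re

# Constructed sample in `iptables -L -n -v` layout. Only the 54.38.0.0/16 row
# is from the thread; the other rows use documentation ranges.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       54.38.0.0/16         0.0.0.0/0           tcp /* OVH-Amazon-NSA */
   12   720 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
    3   180 DROP       all  --  *      *       198.51.100.128/25    0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       192.0.2.7            0.0.0.0/0
    0     0 DROP       all  --  *      *       203.0.113.300        0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# Columns: pkts bytes target prot opt in out source destination
ROW = re.compile(r"^\s*\d+[KMG]?\s+\d+[KMG]?\s+(?P<target>\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<src>\S+)\s")


def parse_drops(listing):
    """Return (networks, rejected) for the DROP rows of a listing."""
    nets, rejected = [], []
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m or m["target"] != "DROP":
            continue  # chain header, column header, or a non-DROP rule
        try:
            net = ipaddress.IPv4Network(m["src"], strict=False)
        except ValueError:
            rejected.append(m["src"])  # malformed or negated ("!...") source
            continue
        if net.prefixlen == 0:
            rejected.append(m["src"])  # never load "block everything" into a set
        else:
            nets.append(net)
    return nets, rejected


def to_ipset_restore(listing, set_name="blocklist"):
    """Build `ipset restore` input; set_name is an assumed name."""
    nets, rejected = parse_drops(listing)
    merged = ipaddress.collapse_addresses(nets)  # drops subnets covered by a wider block
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in merged]
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    text, rejected = to_ipset_restore(SAMPLE)
    print(text, end="")
    print("rejected:", rejected)
```

The resulting set is matched by a single rule such as `iptables -I INPUT -m set --match-set blocklist src -j DROP`. Per-row protocol and comment fields are not carried over, so the tcp-only row becomes an all-protocol block unless that rule adds `-p tcp`.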

Re: Donovan's block list

Post by Doug Coulter » Sat Jun 30, 2018 8:59 pm

NOVA is CIA (Langley, VA). NSA is Ft Meade, MD, the next state up. I should know, I fixed computers at both places when I worked for DEC. (and other reasons, but I don't work for beltway bandits anymore). Of course, either and both are "anywhere they want to be today".
Posting as just me, not as the forum owner. Everything I say is "in my opinion" and YMMV -- which should go for everyone without saying.
Doug Coulter
 
Posts: 3515
Joined: Wed Jul 14, 2010 7:05 pm
Location: Floyd county, VA, USA

Re: Donovan's block list

Post by Donovan Ready » Sat Jun 30, 2018 9:25 pm

Yep, thanks to Amazon cloud services. You and I know that they can appear to be anywhere, but most of the time they're as stupid as the script-kiddies...

I get hits from military that resolve to the equator and the prime meridian, but that's just sailors. I guess...
Donovan Ready
 
Posts: 239
Joined: Thu Apr 17, 2014 1:22 pm
Location: Austin, Texas

Re: Donovan's block list

Post by Doug Coulter » Sat Jun 30, 2018 9:44 pm

Most of them ARE script kiddies with a gov job, that's why - and why guys like Snowden were able to leak the instructions they needed to operate, as it was/is all magic to the average analyst. They'd not have needed directions on how to pour piss out of a boot if they were good, right?

Which is like calling a janitor a sanitary engineer - Titles on business cards are cheap!

I'm beginning to think we can omit the "kiddies" part - maybe some of them are just scripts. Tay, where are you?
Posting as just me, not as the forum owner. Everything I say is "in my opinion" and YMMV -- which should go for everyone without saying.
Doug Coulter
 
Posts: 3515
Joined: Wed Jul 14, 2010 7:05 pm
Location: Floyd county, VA, USA

