[mohaa] banning IPs by range DNS name
Heikki Kokko
heikki.kokko at tromso.online.no
Fri Dec 6 21:40:10 EST 2002
Hello, Silvex.
Answer to your question 1:
route add -net 172.16.0.0/16 reject
(You can remove this with
route del -net 172.16.0.0/16 reject)
Just in case you (or somebody else who reads this) are
not familiar with "/16" etc, it means the first 16 bits of
an ip adress, equals subnet mask255.255.0.0 and in
this case blocks the whole Class B subnet 172.16.x.x
If You want to block the whole Class A subnet
beginning with 10, use command
route add -net 10.0.0.0/8 reject
If You want to block a single Class C subnet
beginning with 192.168.6., use command
route add -net 192.168.6.0/32 reject
And of course, for a single address
192.168.6.123, use command
route add -host 192.168.6.123 reject
I hope someone else has an answer to your question 2.
You can try experimenting with the route command -
it seems to accept also symbolic names, not just ip
addresses.
Anyway, I recommend "DogMeat's Banning Guide for Servers"
@ www.mohadmin.com to anybody who is interested in
this and haven't read it yet, even though his examples are
only for windows (at least were that the last time I checked).
Is your server still up and running?
I suppose I have to drop by and snipe you sometimes :-)
Heikki
----- Original Message -----
From: "Eduardo E. Silva" <esilva at silvex.com>
To: <mohaa at icculus.org>
Sent: Saturday, December 07, 2002 2:06 AM
Subject: [mohaa] banning IPs by range DNS name
> Is ther a way to block IPs by:
>
> 1.- network: 172.16.100. or 172.16.100.0 or 172.16.100
>
> 2.- DNS hackers.somewhere.com
>
> This way the files that contains the banned IPs does not get WAY too long!
> Also by bloking by DNS you capture the FULL range! specially for dialups!
> (ipt.aol.com)
>
> Ed Silva
> Silvex Consulting Inc.
> (714) 504-6870 Cell
>
>
>
>
>
More information about the Mohaa
mailing list