How to drop an isp - Dave Handler

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dave Handler <dhandler@nycap.rr.com>
To: netfilter@lists.netfilter.org
Subject: How to drop an isp
Date: Sat, 05 Nov 2005 09:04:43 -0500	[thread overview]
Message-ID: <436CBBFB.1070101@nycap.rr.com> (raw)

Greetings!

Sorry if I worded my subject wrong, it's the best I could do!

Ok, I'm on Fedora Core 3, running iptables 1.2 (which seems to be 
holding its own).  Logwatch sends me my logs every morning and I see 
people trying to tap in to tcp port 25.  I do lookups on the addresses 
and they all seems to be coming either from Taiwan or China.  A few in 
Europe and every once in while one from the US.

I've been googling around for how to block them.  I'm rather green to 
iptables and some of the options confuse me.  Is there a way I can block 
the whole ip from me?  I'll paste in a section where there where 
accepted packets:

Accepted 327 packets on interface eth0
  From 69.21.138.231 - 169 packets to tcp(22)
  From 70.86.208.18 - 6 packets to tcp(25)
  From 72.36.128.42 - 6 packets to tcp(25)
  From 202.107.195.52 - 128 packets to tcp(22)
  From 207.150.176.81 - 16 packets to tcp(25)
  From 219.133.247.226 - 1 packet to tcp(25)
  From 219.134.232.31 - 1 packet to tcp(25)

So for instance I probably would want to block 202.107.0.0 through 
202.107.255.255.  But I'm not really sure of the syntax I should be 
using.  And I don't want to screw up what I already have in place.

I'm going to chalk this one up as another learning experience!

Thanks in advance!

Dave

next             reply	other threads:[~2005-11-05 14:04 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-05 14:04 Dave Handler [this message]
2005-11-05 18:41 ` How to drop an isp Nikolai Georgiev
2005-11-05 21:49 ` Robert Nichols

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=436CBBFB.1070101@nycap.rr.com \
    --to=dhandler@nycap.rr.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.