* Re: Fwd: Re: Interesting request. block x.x.0.0
[not found] ` <15920.37125.743591.125495@isis.cs3-inc.com>
@ 2003-01-24 14:53 ` Daniel F. Chief Security Engineer -
0 siblings, 0 replies; only message in thread
From: Daniel F. Chief Security Engineer - @ 2003-01-24 14:53 UTC (permalink / raw)
To: Don Cohen, netfilter, netfilter-devel
Patrick Schaaf kindly pointed out that I could do this.
iptables -I INPUT -s 0.0.0.0/0.0.255.255 -j DROP
That will drop any IP that ends in 0.0
Thanks for every ones help.
I will also look into the u32 patch thanks again.
On Thursday 23 January 2003 19:04, you wrote:
> > I do not want to block every IP on say 45.208.0.0/16 just the ips ending
> > in 0.0 as the last two octets.
> >
> > I can write a tcpdump filter to find the traffic Im just not sure if we
> > have a way to craft a netfilter rule to do so. Or maybe the "recent"
> > patch could be of use. Although the dDoS included 65000 source IP
> > addresses. all ending in 0.0 for the ip address.
> >
> > the tcdump filter looks like this.
> >
> > tcpdump -nn -i eth0 'ip[18:2] == 00'
>
> The u32 match I recently posted can do this.
--
Daniel Fairchild - Chief Security Engineer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how
close you get to nothing.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2003-01-24 14:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20030123232639.14408.11687.Mailman@kashyyyk>
[not found] ` <15920.37125.743591.125495@isis.cs3-inc.com>
2003-01-24 14:53 ` Fwd: Re: Interesting request. block x.x.0.0 Daniel F. Chief Security Engineer -
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox