Re: firewall blockage of spam/banner ads? - Security

  1. Re: firewall blockage of spam/banner ads?

    Proteus wrote:

    > I thought I read somewhere that there are certain IP addresses you can put
    > into iptables of a linux firewall to cut down on spam and banner ads. I am
    > using Guarddog firewall, is there some set of IP addresses I can add to my
    > firewall to cut down on spam email getting through to my system, to cut
    > down on banner ads on browser windows, etc?


    This is a possibly risky approach I occasionally use to rid people of
    Sino-Korean packets. Obviously, you'd only use it if you didn't have any
    legitimate traffic from these countries. It's a mallet method, but it
    certainly drops tons of attempted sploits, and can be rather effective
    against spam as well. If you run a mail server and your ISP allows you port
    25 traffic from anywhere, it can definitely knock back the CPU cycles
    devoted to SpamAssassin, etc.

    http://www.okean.com/thegoods.html

    The nice thing is that it's updated 1-2 times per week (used to be, still
    claims to be, but I should add some comparison code), and scriptable.
    Please follow their cron advice!

    A similar (mallet) approach is to script up some screen-scrapes against
    pages such as:
    http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn

    --
    Greg Metcalfe
    GPG fingerprint: 95B3 2BDD 9152 1E7D A240 37C1 7AE2 9B71 0065 F029

  2. Re: firewall blockage of spam/banner ads?

    On Fri, 02 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
    , Greg Metcalfe wrote:

    >Obviously, you'd only use it if you didn't have any legitimate
    >traffic from these countries.


    If you do, you poke holes in front of this list.

    >It's a mallet method, but it certainly drops tons of attempted sploits


    as opposed to the 'tac-nuke' method of blocking by as coarse as /6s?

    >The nice thing is that it's updated 1-2 times per week (used to be, still
    >claims to be, but I should add some comparison code), and scriptable.


    May still be. Point is the rate of allocations from APNIC has fallen off.
    As of mid-November, APNIC had allocated 41893120 addresses (there's a /16
    out of ARIN) to Korea. A 2002 population figure reports only 47.64 million
    people, so they're almost at 1:1. Japan (142430720 and 127.347 million) is
    even higher. By comparison, the figures for .us are 1319484928 and 287.602
    million, mainly because of allocations to the government (military and
    civil), and that major corporations are based here. The figures for the .uk
    (39635096 and 60.178 million) or .de (50417104 and 82.506 million) are more
    representative. China... 73675008 and 1,284.2 million, India 6092800 and
    1,047.6 million, Brazil 15075072 and 174.619 million.

    >A similar (mallet) approach is to script up some screen-scrapes against
    >pages such as:


    I'll admit that I haven't looked that hard, but I simply grab the Zone files
    from the RIRs because I hadn't seen comparable IP-by-country lists from the
    other four. This also gives me the IPv6 allocations as well as ASNs. I've
    found that monthly grabs are adequate, as it takes time to go from the
    allocated/assigned by the RIR to packets on the wire stage. I don't think
    I've ever seen a non-spoofed address on the wire that hasn't been in my
    copy of the zone files.

    Old guy
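
Added example, not part of either post: a sketch of turning RIR allocation records into per-country CIDR blocks, with exceptions ("holes") emitted ahead of the drop list as the second post suggests. It assumes the "zone files" are the pipe-separated delegation statistics files the RIRs publish; the sample data, the registry name `example`, the country codes and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample (documentation ranges, made-up registry and country codes).
# Assumed layout: registry|cc|type|start|value|date|status
SAMPLE = """\
# constructed sample
2|example|20051115|5|19830101|20051115|+0000
example|*|ipv4|*|3|summary
example|ZZ|ipv4|192.0.2.0|256|20050101|allocated
example|ZZ|ipv4|198.51.100.0|192|20050201|assigned
example|YY|ipv4|203.0.113.0|256|20050301|allocated
example|ZZ|ipv6|2001:db8::|32|20050401|allocated
example|ZZ|asn|64496|2|20050501|allocated
"""

def country_networks(stats_text, country):
    """Return the CIDR blocks delegated to one country code (ASNs ignored)."""
    nets = []
    for line in stats_text.splitlines():
        fields = line.split("|")
        # Skips comments, the version header and the per-type summary lines.
        if line.startswith("#") or len(fields) < 7 or fields[1] != country:
            continue
        kind, start, value = fields[2], fields[3], fields[4]
        if kind == "ipv4":
            # value is an address count and need not be a power of two,
            # so one record can expand to several CIDR blocks.
            first = ipaddress.IPv4Address(start)
            last = first + (int(value) - 1)
            nets.extend(ipaddress.summarize_address_range(first, last))
        elif kind == "ipv6":
            # For IPv6 the value field is already a prefix length.
            nets.append(ipaddress.ip_network(f"{start}/{value}"))
    return nets

def ipv4_total(nets):
    """IPv4 address count, the kind of per-country total quoted in the thread."""
    return sum(n.num_addresses for n in nets if n.version == 4)

def rules(nets, allow=()):
    """Emit ACCEPT 'holes' first, then the DROP list, so holes match first."""
    def cmd(net, target):
        tool = "iptables" if net.version == 4 else "ip6tables"
        return f"{tool} -A INPUT -s {net} -j {target}"
    holes = [cmd(ipaddress.ip_network(a), "ACCEPT") for a in allow]
    return holes + [cmd(n, "DROP") for n in nets]

if __name__ == "__main__":
    zz = country_networks(SAMPLE, "ZZ")
    print(ipv4_total(zz))
    print("\n".join(rules(zz, allow=["192.0.2.10/32"])))
```

Diffing the output of `country_networks` between two fetches is one way to do the comparison the first post mentions wanting.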