Are we to believe that filtering .cn will filter all Chinese attacks? I know that if I was up to no good in China, I'd buy a cheap VSAT connection, tld's are probably not a good way to identify bad guys. My two cents.. //warren -----Original Message----- From: Jeroen van Aart [mailto:jeroen@mompl.net] Sent: Friday, April 09, 2010 11:14 AM To: nanog@nanog.org Subject: Re: BGP hijack from 23724 -> 4134 China? Rich Kulawiec wrote:
See ipdeny.com for allocations covering about 225 countries. Alternatively, please see http://www.okean.com/asianspamblocks.html for lists that cover China and Korea only. The former is furnished in CIDR; the latter in CIDR, Apache htaccess, Cisco ACL, and Linux iptables.
Thanks, the iptables list comes in quite handy. People may wish to block port 22 as well as port 25. Although something like fail2ban takes care of that nicely. Greetings, Jeroen