I went to http://www.iana.org/assignments/ipv4-address-space and grep-ed for APNIC (Asia-Pacific Network Information Center) to get the following list. For the church email site that I support I block wholesale /8 IP address ranges. I assume that for our church we will never get email from an APNIC site. 058/8 Apr 04 APNIC (whois.apnic.net) 059/8 Apr 04 APNIC (whois.apnic.net) 060/8 Apr 03 APNIC (whois.apnic.net) 061/8 Apr 97 APNIC (whois.apnic.net) 124/8 Jan 05 APNIC (whois.apnic.net) 125/8 Jan 05 APNIC (whois.apnic.net) 126/8 Jan 05 APNIC (whois.apnic.net) 202/8 May 93 APNIC (whois.apnic.net) 203/8 May 93 APNIC (whois.apnic.net) 210/8 Jun 96 APNIC (whois.apnic.net) 211/8 Jun 96 APNIC (whois.apnic.net) 218/8 Dec 00 APNIC (whois.apnic.net) 219/8 Sep 01 APNIC (whois.apnic.net) 220/8 Dec 01 APNIC (whois.apnic.net) 221/8 Jul 02 APNIC (whois.apnic.net) 222/8 Feb 03 APNIC (whois.apnic.net) Here is my procmail recipe if that helps: :0 H * ^Received:.*\[(58\.|59\.|60\.|61\.|\ 124\.|125\.|126\.|\ 202\.|203\.|\ 210\.|211\.|\ 218\.|219\.|\ 220\.|221\.|222\.) { /dev/null } ...Kevin O'Neil -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Geoff White Sent: Wednesday, July 06, 2005 2:50 PM To: nanog@merit.edu Subject: Need BOGIES list Hello All. I'm having trouble with Cracking Attempts and DoS attacks from a lot of places in China :) My client doesn't do any business in that region so they don't mind If I block the entire sub-continent :) Does anyone have a bad-guy list (or part of one) that I can use to get started? I'm using pf under OpenBSD 3.7 as a firewall box. E-mailing me off line is fine geoffw