More country blocking

11 Aug 2004

After blocking China and Korea recently I have still been getting quite a bit of scans and unfriendly traffic. Especially people who have been trying to log into my SSH servers with some simple user accounts like guest or by trying root logins. It's purely automated and hit all my IP addresses. This comes from Japan mostly so I decided it is time to rid my world of the Japanese as well.

Problem was getting a good source for IP ranges. Turns out Maxmind publish their GeoIP Free Country database in CSV format as well, so then it was just a matter of writing up a tool to take their ranges of IP's and create cidr notation entries and produce ipfw commands from those.

I got a bit of code from Gary Colman to do the translation from ranges to cidr notation and built that into my existing firewall builder script.

Posted by R.I.Pienaar on Wednesday, August 11, 2004 at 2:25 PM

Filed in

Leave a comment

Recent Entries

  • flashpolicyd 2.0

    I wrote a multi threaded server for Adobe Flash Policy requests, some background from Adobe:Since policy files were first introduced, Flash Player has recognized /crossdomain.xml...

  • Adventures with Ruby

    Some more about my continuing experiences with ruby, in my last post I saidthe language does what you'd expect and as you'll see in my...

  • New programming language of choice - Ruby

    I have fallen out of love with Perl some time ago, I cannot point to one specific thing about it that put me off, I...

  • On working from home

    I've not been posting much here, work has been incredibly manic the last while, especially I need to still finish off my SSO posts with...

  • Rework of puppet facts for /etc/facts.txt

    Previously I blogged a custom fact that reads /etc/facts.txt to build up some custom facts for use in Puppet manifests, well I've since learned a...

Close