Actually, droping anything not from 44/8 from the tunnel(s) is quite
effective :-)
Haven't seean any attack from a 44 address (yet?)...
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro(a)hamradio.ucsd.edu
[mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of
sp2lob@tlen
Sent: Monday, September 29, 2014 20:36
To: AMPRNet working group
Subject: Re: [44net] Apache2 log - suspicious entries...
(Please trim inclusions from previous messages)
_______________________________________________
Hello Brian(N1URO) et al.
My list of "abusing" subnets and single IP's
contains 56 lines and still grows almost every day.
All of them blocked continuously by iptables.
For securing all amprnet interfaces I have one PERFECT cure:
-A INPUT ! -s 44.0.0.0/8 -i tunl0 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i tun0 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i tun1 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i tun2 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i sl0 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i sl1 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i sl2 -j DROP
Really deadly weapon, Hi!
Nothing, literally nothing, what isn't originated
from 44 network is explicitly DROPped.
JNOS-2.0j4, TNOS-2.40, OpenVPN(44net), TNOS-3.01a1
and two (X)net's are as safe as never before.
Sending email to the "abuse" mailbox is nice and pollite
way but do not change situation right away.
Just my personal point of view...
One day somebody said: if I run taxi business, say in Texas,
I do not want customer from LaLaLand poking around!
Best regards.
Tom - sp2lob
Send from Sony Xperia Z1
http://www.aqua-mail.com
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net