Actually, droping anything not from 44/8 from the tunnel(s) is quite effective :-) Haven't seean any attack from a 44 address (yet?)...
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of sp2lob@tlen Sent: Monday, September 29, 2014 20:36 To: AMPRNet working group Subject: Re: [44net] Apache2 log - suspicious entries...
(Please trim inclusions from previous messages) _______________________________________________ Hello Brian(N1URO) et al.
My list of "abusing" subnets and single IP's contains 56 lines and still grows almost every day. All of them blocked continuously by iptables.
For securing all amprnet interfaces I have one PERFECT cure:
-A INPUT ! -s 44.0.0.0/8 -i tunl0 -j DROP -A INPUT ! -s 44.0.0.0/8 -i tun0 -j DROP -A INPUT ! -s 44.0.0.0/8 -i tun1 -j DROP -A INPUT ! -s 44.0.0.0/8 -i tun2 -j DROP -A INPUT ! -s 44.0.0.0/8 -i sl0 -j DROP -A INPUT ! -s 44.0.0.0/8 -i sl1 -j DROP -A INPUT ! -s 44.0.0.0/8 -i sl2 -j DROP
Really deadly weapon, Hi!
Nothing, literally nothing, what isn't originated from 44 network is explicitly DROPped. JNOS-2.0j4, TNOS-2.40, OpenVPN(44net), TNOS-3.01a1 and two (X)net's are as safe as never before.
Sending email to the "abuse" mailbox is nice and pollite way but do not change situation right away. Just my personal point of view...
One day somebody said: if I run taxi business, say in Texas, I do not want customer from LaLaLand poking around!
Best regards. Tom - sp2lob
Send from Sony Xperia Z1 http://www.aqua-mail.com
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net