[lug] looking for address block reference...

Ken MacFerrin lists at macferrin.com
Thu Jan 11 09:56:02 MST 2007


D. Stimits wrote:
> I'm dealing with thousands of brute force ssh attacks from IP addresses
> all over China. I'm just tired of it, is there a list of all Chinese
> addresses somewhere so I can firewall? I have maybe a dozen /16 bans but
> it always comes up that there's another the instant I close one. I've
> been able to find name servers but finding an explicit list of address
> blocks is a pain (just try searching for China and address block on
> Google). I've gone to some of the root organizations, like ICANN, where
> I've found domain name server lists, and not domain blocks. I really
> wish I could just do "whois cn" and get more than a name server list.
> 

The company MaxMind puts out a "lite" open source version of their GeoIP
Country database called GeoLite that should provide the data you're
looking for: http://www.maxmind.com/app/geoip_country

You can also automate this with iptables using this how-to:
http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO.html
-Ken
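
An added example, not part of the message above and not MaxMind's or netfilter's own code: turning range-style rows of a country database into CIDR blocks and SSH drop rules in iptables-restore syntax. It assumes the legacy GeoLite Country CSV column order (start IP, end IP, start integer, end integer, country code, country name); the function names are hypothetical and the sample rows are constructed from documentation address ranges.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the assumed CSV layout. The addresses are
# RFC 5737 documentation ranges, not real country allocations.
SAMPLE_CSV = '''"192.0.2.0","192.0.2.255","3221225984","3221226239","CN","China"
"198.51.100.0","198.51.100.127","3325256704","3325256831","US","United States"
"198.51.100.128","198.51.100.255","3325256832","3325256959","CN","China"
"203.0.113.0","203.0.113.191","3405803776","3405803967","CN","China"
"not-an-ip","203.0.113.255","0","0","CN","China"
'''


def country_cidrs(csv_text, country_code):
    """Return the collapsed list of CIDR networks tagged with country_code."""
    wanted = country_code.upper()
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 5 or row[4].upper() != wanted:
            continue
        try:
            first = ipaddress.IPv4Address(row[0])
            last = ipaddress.IPv4Address(row[1])
            # A start-end range is not always one CIDR block; split it
            # into the minimal set of aligned networks.
            nets.extend(ipaddress.summarize_address_range(first, last))
        except (ValueError, TypeError):
            continue  # skip malformed or inverted ranges instead of aborting
    # Merge adjacent or overlapping blocks so the rule set stays small.
    return list(ipaddress.collapse_addresses(nets))


def ssh_drop_rules(networks, chain="INPUT"):
    """Build iptables-restore style lines dropping TCP/22 from each network."""
    return [f"-A {chain} -s {net} -p tcp --dport 22 -j DROP" for net in networks]


if __name__ == "__main__":
    for rule in ssh_drop_rules(country_cidrs(SAMPLE_CSV, "CN")):
        print(rule)
```

Country-to-address mappings are approximate and change as blocks are reallocated, so regenerate the list from a fresh download on a schedule rather than treating it as static.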


