[lug] Blocking spam by blocking partial IP
Hugh Brown
hugh at math.byu.edu
Mon May 9 09:20:38 MDT 2005
I haven't found a nice way to do it other than manually. I go to
apnic.net and use their whois.
I typed in 222.0.0.0 and got told:
inetnum: 222.0.0.0 - 222.15.255.255
netname: KDDI
descr: KDDI CORPORATION
descr: Tokyo, Japan
country: JP
So, next I type in 222.16.0.0 and get:
inetnum: 222.16.0.0 - 222.16.7.255
netname: SCUTDEB-CN
descr: ~{9cV];*DO=LS}?F<<7"U9SPO^9+K>MxBg=LS}Q'T:~}
descr: HNJK NETWORK EDUCATION COLLEGE
descr: GuangZhou, Guangdong 510641, China
country: CN
So, then I would type in 222.16.8.0 and ....
Obviously this doesn't scale well and is asking for help via your favorite
scripting language.
Hugh
On Mon, 9 May 2005, Bill Thoen wrote:
> I have been getting about 200 spams a day, and finally decided to simply
> block the two worst offenders by putting their partial IPs in my
> /etc/mail/access file like so:
>
> 218.1 REJECT
> 222 REJECT
>
> This worked great. Last night's log showed lots and lots of messages
> from these turkeys that got turned back at the door.
>
> However, I'm a bit concerned about blocking everything from IPs that start
> with 222. When I check with whois, I can't get any details on who is
> assigned to any of the subnets under 222. I don't mind blocking anybody
> from China or Korea, but I don't want to block Japanese or Australian
> email.
>
> Is there any way to discover any more details on the 222 IP other than
> it's managed by APNIC?
>
> - Bill Thoen
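The manual lookup loop described in the reply above, scripted as an added example that is not part of the original thread: it parses each whois reply, jumps to the address after the end of the returned range, and writes the ranges for chosen countries as octet-boundary prefixes in the style of the /etc/mail/access entries quoted above. The function names are hypothetical, and the whois replies are a constructed table built from the two records shown in the message; a real run would pass in a `lookup` function that queries APNIC's whois for each address.

```python
import ipaddress
import re

# Constructed whois replies, reduced to the fields shown in the message above.
# A real run would fetch each reply from APNIC's whois instead of this table.
SAMPLE_WHOIS = {
    "222.0.0.0": "inetnum: 222.0.0.0 - 222.15.255.255\nnetname: KDDI\ncountry: JP\n",
    "222.16.0.0": "inetnum: 222.16.0.0 - 222.16.7.255\nnetname: SCUTDEB-CN\ncountry: CN\n",
}

def parse_record(text):
    """Return (first, last, country) from one whois reply."""
    rng = re.search(r"^inetnum:\s*(\S+)\s*-\s*(\S+)", text, re.M)
    cc = re.search(r"^country:\s*(\S+)", text, re.M)
    if not rng or not cc:
        raise ValueError("no inetnum/country in reply")
    return (ipaddress.IPv4Address(rng.group(1)),
            ipaddress.IPv4Address(rng.group(2)), cc.group(1).upper())

def walk(start, stop, lookup):
    """Yield allocations from start to stop, jumping to range end + 1 each time."""
    addr, stop = ipaddress.IPv4Address(start), ipaddress.IPv4Address(stop)
    while addr <= stop:
        first, last, cc = parse_record(lookup(str(addr)))
        if not (first <= addr <= last):
            raise ValueError(f"reply does not cover {addr}")
        yield first, last, cc
        if last == ipaddress.IPv4Address("255.255.255.255"):
            break
        addr = last + 1

def access_prefixes(first, last):
    """Express a range as octet-boundary prefixes (the '218.1' / '222' form)."""
    out = []
    for net in ipaddress.summarize_address_range(first, last):
        # Round the prefix length up to the next octet boundary (/8, /16, /24, /32).
        plen = max(8, -(-net.prefixlen // 8) * 8)
        for sub in net.subnets(new_prefix=plen):
            octets = str(sub.network_address).split(".")[: plen // 8]
            out.append(".".join(octets))
    return out

def reject_lines(start, stop, countries, lookup=SAMPLE_WHOIS.__getitem__):
    """Build access-file REJECT lines for allocations in the given countries."""
    return [f"{p}\tREJECT" for first, last, cc in walk(start, stop, lookup)
            if cc in countries for p in access_prefixes(first, last)]
```

With the sample table, `reject_lines("222.0.0.0", "222.16.7.255", {"CN"})` yields eight entries, `222.16.0` through `222.16.7`, and leaves the JP allocation untouched.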