There's also an automated solution here, but I'm not sure if that will just drop
packets destined to my VM host or will it drop all the packets coming in on the interface
so that none reach my VMs (I'm running them in bridged mode with real IPs on the same
subnet).
On 16 Sep 2015, at 13:07, Brian Schenkenberger, VAXman- <system at TMESIS.COM>
wrote:
Sampsa Laine <sampsa at mac.com> writes:
You're probably under a Chinese/Russian robot attack, trying to
brute-force their way in.
I've had this on occasion and am tempted to just drop all packets
originating from China..
I've gone even further here. I block all nets that originate APNIC.
Not sure what the best way to do this is, I have a pretty simple
consumer level router (Draytek) so I guess I could use iptables or
something on Linux - however I'm not sure if that'll just affect the host I
run the iptables command on or the whole interface.
Basically, I have one physical interface for 8 virtual machines and a
bunch of SIMH instances etc. If I could drop the packets at the
interface of the host machine it'd be ideal.
Any iptables experts out there?
I use IPTABLES on one of the Lunix servers I run to add IP addresses which I
have determined to be those of botnet control systems (generally, systems the
Chinese et al are using).
/sbin/iptables -A INPUT -s $IP -p all -j DROP
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
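
Added example, not part of the thread: a rule in INPUT only matches packets addressed to the host itself, so this script generates the same DROP rules in a shared chain hooked from both INPUT and FORWARD. It assumes the guests attach to a Linux bridge with br_netfilter loaded and net.bridge.bridge-nf-call-iptables=1; the BLOCKLIST chain name and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# nothing is executed. Assumption: guests sit on a Linux bridge and
# net.bridge.bridge-nf-call-iptables=1, so bridged frames traverse FORWARD.

# valid_src ADDR: succeed only for a dotted-quad IPv4 address or CIDR block.
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_block_rules: read sources on stdin (one per line, '#' comments allowed)
# and print rules that drop them for the host (INPUT) and for bridged
# guests (FORWARD) through one shared chain.
gen_block_rules() {
    echo "/sbin/iptables -N BLOCKLIST"
    echo "/sbin/iptables -I INPUT -j BLOCKLIST"
    echo "/sbin/iptables -I FORWARD -j BLOCKLIST"
    while read -r src rest; do
        case "$src" in ''|'#'*) continue ;; esac
        if valid_src "$src"; then
            echo "/sbin/iptables -A BLOCKLIST -s $src -j DROP"
        else
            # Refuse to pass unvalidated text into a firewall command.
            echo "skipped invalid entry: $src" >&2
        fi
    done
}

# Constructed sample list (RFC 5737 documentation ranges plus two bad lines).
sample_list() {
    cat <<'EOF'
# constructed entries
192.0.2.10
198.51.100.0/24
203.0.113.999
not-an-address
EOF
}

sample_list | gen_block_rules
```

Review the printed commands, then pipe them to `sh` as root on the VM host to apply them.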