RE: Ahhh, the perks of managing government networks

2002-01-10 Thread Luke Butcher

Maybe someone already replied, but surely it's:
access-list reject_all deny ip 210.0.0.0 0.255.255.255 any
etc.


I prefer access-list blah deny ip 0.0.0.0 255.255.255.255 10.1.1.0 0.0.0.255 (webservers) applied to external router inbound.

No complaints then about Nimda, slow server response, HTTP 500 Server errors.


Just a few people claim they can't get to the website, but hey it works fine for me from inside. Must be a problem their end. Guaranteed to buy you a few days of freedom.

Luke Butcher
Em: [EMAIL PROTECTED]



 -Original Message-
 From: Network Operations [mailto:[EMAIL PROTECTED]]
 Subject: Ahhh, the perks of managing government networks
 
 
 If you get fed up with SPAM and script kiddies just:
 
 access-list reject_all deny ip 210.0.0.0 255.0.0.0 any
 access-list reject_all deny ip 211.0.0.0 255.0.0.0 any
 
 hmm, who next, I think I remember some BO scans from poland 
 last week...
 
 access-list reject_all deny ip 195.0.0.0 255.0.0.0 any





E-mail Disclaimer


Nabarro Nathanson

Principal office:

Lacon House, Theobalds Road
London WC1X 8RW
Tel: +44 (0)20 7524 6000   Fax: +44(0)20 7524 6524

NOTICE

This message contains confidential (and potentially legally privileged) information solely for its intended recipients and others may not distribute, copy or use it. If you have received this communication in error please tell us either by return e-mail or at the numbers above and delete it, and any copies of it.

The contents of this e-mail are subject to the firms Terms of Business copies of which are available on our website.

We have taken steps to ensure that this message (and any attachments or hyperlinks contained within it) are free from computer viruses and the like. However, in accordance with good computing practice the recipient is responsible for ensuring that it is actually virus free before opening it.

Regulated by the Law Society. A list of partners is available at the address above or on our website, http://www.nabarro.com



RE: Ahhh, the perks of managing government networks

2002-01-10 Thread Erwin Geirnaert

blacklisting a whole class C address isn't the solution!
I mean, I am part of the 195.0.0.0 address-range. If everybody starts adding this access-list to their border-routers it is over with my internet connectivity and a lot of complaints will follow from my neighbours and I am not from Poland

I thought that this mail was just a joke, but it seems that it is already being implemented (sites that are inaccessible etc)

Erwin

  -Original Message-
  From: Luke Butcher [mailto:[EMAIL PROTECTED]]
  Sent: Thursday 10 January 2002 10:18
  To: [EMAIL PROTECTED]
  Subject: RE: Ahhh, the perks of managing government networks

  Maybe someone already replied, but surely it's:
  access-list reject_all deny ip 210.0.0.0 0.255.255.255 any
  etc.

  I prefer access-list blah deny ip 0.0.0.0 255.255.255.255 10.1.1.0 0.0.0.255 (webservers) applied to external router inbound.

  No complaints then about Nimda, slow server response, HTTP 500 Server errors.

  Just a few people claim they can't get to the website, but hey it works fine for me from inside. Must be a problem their end. Guaranteed to buy you a few days of freedom.

  Luke Butcher
  Em: [EMAIL PROTECTED]

   -Original Message-
   From: Network Operations [mailto:[EMAIL PROTECTED]]
   Subject: Ahhh, the perks of managing government networks

   If you get fed up with SPAM and script kiddies just:

   access-list reject_all deny ip 210.0.0.0 255.0.0.0 any
   access-list reject_all deny ip 211.0.0.0 255.0.0.0 any

   hmm, who next, I think I remember some BO scans from poland last week...

   access-list reject_all deny ip 195.0.0.0 255.0.0.0 any


RE: Ahhh, the perks of managing government networks

2002-01-10 Thread Luke Butcher

Erwin Geirnaert [mailto:[EMAIL PROTECTED]] spouted thusly:
 Subject: RE: Ahhh, the perks of managing government networks

 blacklisting a whole class C address isn't the solution!
 I mean, I am part of the 195.0.0.0 address-range. If everybody starts adding this access-list to their
 border-routers it is over with my internet connectivity and a lot of complaints will follow from my 
 neighbours and I am not from Poland


Maybe it's my day for nitpicking. But surely 195.0.0.0 would be a Class A? (excepting the traditional definition of Class A 1.0.0.0 - 127.0.0.0, Class B being 128.0.0.0, etc. This is the reason I don't refer to classes, merely submasks or bits)


On a more serious note. I did work for a company that blacklisted a 7 bit mask (Asia Pacific IP already noted) amongst others. This was due to a lot of the problems coming from those networks. As it was an e-commerce operation (hence my new job:) that never delivered outside the UK, this was a very legitimate ban. And yes we did debate the whole my granny in China could buy something online and get it delivered to me in the UK debate, but the benefits outweighed the losses.

The original emails were intended as jokes, well mine was at least.
There probably are many places with blanket bans on IP ranges, and I'm sure they also have good reasons. Like most people I'm sure 195.0.0.0 wouldn't be banned as it spans many places (all in Europe though).

While it's more efficient to lose some valid traffic, but ban a lot of crap traffic a lot of people will take these steps. What needs to be done is improve the signal to noise ratio in your corner of the address space. And China, Korea, Poland, Russia, etc. could do with a lot of cleaning. Brazil seems to be making inroads into the top ten list of favoured havens of script kiddies, and their compromised boxen.

This is not a political view, this is fact based upon documented evidence of scans and hack attempts, seen here at my current employment, and previous places of employment. (As well as some personal tinkering)

Regards,
Luke Butcher 
Em: [EMAIL PROTECTED] 







RE: Ahhh, the perks of managing government networks

2002-01-10 Thread Network Operations

Sorry Luke,

On the PIX anyway to block a /24 netblock (class C for some) it would be:

.deny IP 192.168.10.0 255.255.255.0

to block a /16  it would be:

.deny IP 192.168.0.0 255.255.0.0

NOT 0.0.0.255 and 0.0.255.255 as you stated. This is a fundamental difference between many routers and firewalls.

And organizations are going to block what they want is most beneficial to that organization. We fortunately have the ability to block everyone, so we do... When we quit seeing abusive traffic on the wire things may change.

If it's any consolation, we've only blocked SMTP traffic from Europe/Asia (so far anyway) with several exceptions..

cheers..

Marc

 Luke Butcher [EMAIL PROTECTED] 01/10 1:18 AM 
Maybe someone already replied, but surely it's:
access-list reject_all deny ip 210.0.0.0 0.255.255.255 any
etc.

I prefer access-list blah deny ip 0.0.0.0 255.255.255.255 10.1.1.0 0.0.0.255
(webservers) applied to external router inbound.

No complaints then about Nimda, slow server response, HTTP 500 Server
errors.

Just a few people claim they can't get to the website, but hey it works fine
for me from inside. Must be a problem their end. Guaranteed to buy you a few
days of freedom.

Luke Butcher
Em: [EMAIL PROTECTED] 


 -Original Message-
 From: Network Operations [mailto:[EMAIL PROTECTED]] 
 Subject: Ahhh, the perks of managing government networks
 
 
 If you get fed up with SPAM and script kiddies just:
 
 access-list reject_all deny ip 210.0.0.0 255.0.0.0 any
 access-list reject_all deny ip 211.0.0.0 255.0.0.0 any
 
 hmm, who next, I think I remember some BO scans from poland 
 last week...
 
 access-list reject_all deny ip 195.0.0.0 255.0.0.0 any
 



___
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
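
Added example, not part of the original thread: the two mask conventions argued over above (netmask, as on the PIX, versus the inverted wildcard mask used in router ACLs), evaluated against the thread's own `210.0.0.0 255.0.0.0` and `210.0.0.0 0.255.255.255` entries to show what each actually matches. The function names and the sample source address are constructed for illustration.

```python
import ipaddress

def u32(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def care_bits(mask, style):
    """Bits of the address that must equal the base address for a match."""
    m = u32(mask)
    if style == "netmask":       # PIX convention: 1-bits are compared
        return m
    if style == "wildcard":      # router ACL convention: 1-bits are ignored
        return ~m & 0xFFFFFFFF
    raise ValueError("style must be 'netmask' or 'wildcard'")

def acl_match(addr, base, mask, style):
    """True if addr is matched by the entry 'base mask' under the given style."""
    care = care_bits(mask, style)
    return (u32(addr) & care) == (u32(base) & care)

def matched_count(mask, style):
    """Number of addresses one entry with this mask matches."""
    return 1 << (32 - bin(care_bits(mask, style)).count("1"))

def flip(mask):
    """Convert a netmask to the equivalent wildcard mask, or the reverse."""
    return str(ipaddress.IPv4Address(~u32(mask) & 0xFFFFFFFF))

if __name__ == "__main__":
    src = "210.55.1.9"  # constructed sample source address
    cases = [
        ("255.0.0.0", "netmask"),       # original post, read as a netmask
        ("255.0.0.0", "wildcard"),      # same text, read as a wildcard mask
        ("0.255.255.255", "wildcard"),  # the correction from the first reply
    ]
    for mask, style in cases:
        print(f"210.0.0.0 {mask:<15} {style:<8} "
              f"matches {src}: {acl_match(src, '210.0.0.0', mask, style)!s:<5} "
              f"({matched_count(mask, style)} addresses)")
    print("wildcard 0.0.0.255 as a netmask:", flip("0.0.0.255"))
```

Read under the wrong convention, `210.0.0.0 255.0.0.0` matches only the 256 addresses of the form x.0.0.0, so the entry is accepted by the device but denies essentially no real traffic.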



RE: Ahhh, the perks of managing government networks

2002-01-10 Thread dgillett

On 10 Jan 2002, at 16:57, Luke Butcher wrote:

 Brazil seems to be making inroads into the top ten list of favoured
 havens of script kiddies, and their compromised boxen. 

  When I tried black-holing Brazil, one of my co-workers complained 
that she could no longer email with her family back home

DG






RE: Ahhh, the perks of managing government networks

2002-01-10 Thread Network Operations

LOL, Was she a hottie? I'd probably be able to open up a /30 for her

=)

 [EMAIL PROTECTED] 01/10 1:11 PM 
On 10 Jan 2002, at 16:57, Luke Butcher wrote:

  When I tried black-holing Brazil, one of my co-workers complained 
that she could no longer email with her family back home

DG






Ahhh, the perks of managing government networks

2002-01-09 Thread Network Operations

If you get fed up with SPAM and script kiddies just:

access-list reject_all deny ip 210.0.0.0 255.0.0.0 any
access-list reject_all deny ip 211.0.0.0 255.0.0.0 any

hmm, who next, I think I remember some BO scans from poland last week...

access-list reject_all deny ip 195.0.0.0 255.0.0.0 any

man is it lunch time yet? I think I'll take a nap...

hehe

Marc..

