A possible long-term problem is that these IPs will probably resume sending valid traffic sometime in the future, when their ISP shuts the spammer off (hopefully). Do we need to maintain another access control list for each mail server?
Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad
Sent: Wednesday, March 03, 2004 8:33 PM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: Anvil & ghba.sh (slight mod)

In the last sort of ghba.sh, changing the key to k4 will give output like this:

      8   12    0 65.105.133.4    alice.emf0.com.
      1   20    0 65.105.133.6    dumper.emailfactory.com.
      7  115    0 65.121.78.17    sender2.overstock.com.
      6  105    0 65.121.78.26    sender3.overstock.com.
    222    2   48 65.172.163.151  mailer1.georgewbush.com.
      2   38    0 65.208.171.19   vt219.superbonkers.com.
      1   43    0 65.208.171.38   vt338.yippieya.com.
      8   10    0 65.214.161.203
      5    5    0 65.214.161.207
      2    3    0 65.214.161.215
      6   14    0 65.214.161.238
      4    3    0 65.214.161.242
      1    0    0 65.214.161.253
      5    0    0 65.214.161.31
      1   19    0 65.214.161.5
      1   19    0 65.214.161.59
      3   23    0 65.214.161.6
      1   30    0 65.214.161.70
      1   16    0 65.214.161.74
      9   21    0 65.214.161.79
     11    2    0 65.214.161.85
      2    8    0 65.214.161.87
      1    8    0 65.214.161.95

65.214.161 is crap, so down the tubes forever (freebsd):

    %route add -net 65.214.161 127.0.0.1
    add net 65.214.161: gateway 127.0.0.1

my route table is filling out nicely with such jerks, second column showing the nulrouted IPs and networks:

    Internet:
    Destination        Gateway      Flags  Refs     Use  Netif Expire
    default            199.0.66.1   UGSc    345   85431  fxp0
    12.129.205/24      127.0.0.1    UGSc     23       0  lo0
    38.118.136.169     127.0.0.1    UGHS      0       0  lo0
    61.172.244.239     127.0.0.1    UGHS      0    8668  lo0
    64.70.17/24        127.0.0.1    UGSc      1       0  lo0
    64.70.53/24        127.0.0.1    UGSc      0       0  lo0
    64.70.53.138       127.0.0.1    UGHS      0    4299  lo0
    64.95.116/24       127.0.0.1    UGSc      1       0  lo0
    64.156.187/24      127.0.0.1    UGSc      9       0  lo0
    64.191.35/24       127.0.0.1    UGSc      0       0  lo0
    64.191.83/24       127.0.0.1    UGSc      4       0  lo0
    64.191.92/24       127.0.0.1    UGSc      3       0  lo0
    64.191.94/24       127.0.0.1    UGSc      1       0  lo0
    64.191.94.12       127.0.0.1    UGHS      0       0  lo0
    64.191.94.15       127.0.0.1    UGHS      0    2277  lo0
    64.191.94.16       127.0.0.1    UGHS      0     949  lo0
    64.253.207/24      127.0.0.1    UGSc      0       0  lo0
    65.60.49/24        127.0.0.1    UGSc      3       0  lo0
    65.214.161/24      127.0.0.1    UGSc      5       0  lo0
    66.54.93/24        127.0.0.1    UGSc      0       0  lo0
    66.55.165/24       127.0.0.1    UGSc      0       0  lo0
    66.55.167/24       127.0.0.1    UGSc      0       0  lo0
    66.55.169/24       127.0.0.1    UGSc      0       0  lo0
    66.63.162/24       127.0.0.1    UGSc      1       0  lo0
    66.63.167/24       127.0.0.1    UGSc      1       0  lo0
    66.63.174/24       127.0.0.1    UGSc      1       0  lo0
    66.63.194/24       127.0.0.1    UGSc      0       0  lo0
    66.103.151.35      127.0.0.1    UGHS      0   32442  lo0
    66.103.151.36      127.0.0.1    UGHS      0   26444  lo0
    66.110.75/24       127.0.0.1    UGSc      1       0  lo0
    66.114.254/24      127.0.0.1    UGSc      0       0  lo0
    66.240.189/24      127.0.0.1    UGSc      0       0  lo0
    67.108.25/24       127.0.0.1    UGSc      0       0  lo0
    68.208.213.34      127.0.0.1    UGHS      0   21632  lo0
    69.1.234/24        127.0.0.1    UGSc      0       0  lo0
    69.6.60/24         127.0.0.1    UGSc      1       0  lo0
    69.36.194/24       127.0.0.1    UGSc      0       0  lo0
    69.36.197/24       127.0.0.1    UGSc      0       0  lo0
    69.60.98/24        127.0.0.1    UGSc      1       0  lo0
    80.139.230.244     127.0.0.1    UGHS      0       0  lo0
    127.0.0.1          127.0.0.1    UH      108      22  lo0
    200.223.214.147    127.0.0.1    UGHS      0   11747  lo0
    206.112.88         127.0.0.1    UGSc      0       0  lo0
    207.88.245         127.0.0.1    UGSc      3       0  lo0
    207.90.33.18       127.0.0.1    UGHS      0   65975  lo0
    207.218.165.205    127.0.0.1    UGHS      0  519296  lo0
    207.218.165.206    127.0.0.1    UGHS      0  492954  lo0
    207.218.165.207    127.0.0.1    UGHS      0  529495  lo0
    209.235.115        127.0.0.1    UGSc      0       0  lo0
    216.180.114.33     127.0.0.1    UGHS      0   59907  lo0
    220.184.134.103    127.0.0.1    UGHS      0    1079  lo0

the "Use" column shows the traffic generated by these IPs AFTER they are nulrouted.

if you reboot the machine, you lose the route table, so I have a stupid little script to capture the nulrouted IPs to a file that can be used to re-nulroute after start up:

vi /usr/local/bin/nulroute_dump.sh

    #!/bin/sh
    # Make sure the cumulative report exists before merging into it.
    touch /var/tmp//nulroute_dump.rpt
    # Column 1 (destination) of every route line that shows gateway 127.0.0.1.
    netstat -rn | egrep ".* 127\.0\.0\.1" | awk '{ print $1 }' > /var/tmp//nulroute_dump.tmp
    # Merge with the entries from earlier runs and drop duplicates.
    cat /var/tmp//nulroute_dump.rpt /var/tmp//nulroute_dump.tmp | sort -fn | uniq -i > /var/tmp//nulroute_dump.tmp.tmp
    mv /var/tmp//nulroute_dump.tmp.tmp /var/tmp//nulroute_dump.rpt
    exit 0

which gives an output file:

    %less /var/tmp//nulroute_dump.rpt

Len
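
The restore side of the nulroute_dump.sh approach quoted above, as an added example that is not part of either message: it reads the dump file and prints the route commands needed to re-nulroute after start up, skipping the loopback entry the dump also captures. The function names, the RPT variable and the sample entries (documentation address ranges) are constructed for illustration, and it assumes an entry with fewer than four octets and no /len is a network with 8 prefix bits per octet shown, as with the `route add -net 65.214.161` command in the message.

```sh
#!/bin/sh
# Added example: turn nulroute_dump.rpt entries into FreeBSD route(8) commands.
# It only prints the commands; review them, then pipe to sh as root to apply.

RPT=${RPT:-/var/tmp/nulroute_dump.rpt}    # file written by nulroute_dump.sh

# Constructed sample input (documentation address ranges, not real offenders).
sample_rpt() {
    printf '%s\n' 192.0.2.10 198.51.100/24 203.0.113 127.0.0.1 '' junk
}

# valid_octets ADDR: succeed for 1-4 dotted octets in 0-255; sets $noct.
valid_octets() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    noct=$#
    [ "$noct" -le 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# nulroute_cmds: read one destination per line on stdin, print route commands.
nulroute_cmds() {
    while read -r dest rest; do
        addr=${dest%%/*}
        case $dest in */*) len=${dest#*/} ;; *) len= ;; esac
        valid_octets "$addr" || continue            # blanks, "default", junk
        case $addr in 127|127.*) continue ;; esac   # the loopback route itself
        full=$addr; i=$noct
        while [ "$i" -lt 4 ]; do full=$full.0; i=$((i + 1)); done
        if [ -z "$len" ] && [ "$noct" -eq 4 ]; then
            echo "route add -host $full 127.0.0.1"
            continue
        fi
        # Assumption: an abbreviated net without /len has 8 prefix bits per octet.
        [ -n "$len" ] || len=$((noct * 8))
        case $len in *[!0-9]*|???*) continue ;; esac
        [ "$len" -le 32 ] || continue
        echo "route add -net $full/$len 127.0.0.1"
    done
}

if [ -r "$RPT" ]; then nulroute_cmds < "$RPT"; else sample_rpt | nulroute_cmds; fi
```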
