-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 already doing that for hacker networks and spamlinkdests with 2 embedded pfsense from database in netsecdb.de
to use /8 would be a little bit tooo cruel, wouldn't it? Regards, Claus Glenn Kelley schrieb: > I would love to pull in all that fun stuff from this nice tool > > http://blacklist.linuxadmin.org/ > > Of course that makes the iptables ruleset. > > I am very interested in how we could do this easily for the entire > community. > > Wish I knew code better - write a little script to create all of > these. > > > :-) On Sep 23, 2008, at 10:47 AM, Derrick Conner wrote: > >> Darn good idea! I'm going to set that up right now. Thanks! >> Don't know why this didn't come to me. >> >> Derrick >> >> -----Original Message----- From: Glenn Kelley >> [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 >> 11:21 PM To: [email protected] Subject: Re: [pfSense Support] >> blocking spammers xml >> >> I did these a little different... in XML I added >> >> in filters section <filters> >> >> >> <rule> <type>block</type> <interface>wan</interface> >> <max-src-nodes/> <max-src-states/> <statetimeout/> >> <statetype>keep state</statetype> <os></os> >> <protocol>tcp/udp</protocol> <source> <address>spammers</address> >> </source> <destination> <any/> <port>25</port> </destination> >> <descr>spammers</descr> </rule> >> >> >> </filters> >> >> then below the rules / filters section >> >> >> >> <aliases> <alias> <name>spammers</name> <address>66.0.0.0/8 >> 66.0.0.0/8 78.0.0.0/8 79.0.0.0/8 80.0.0.0/8 81.0.0.0/8 82.0.0.0/8 >> 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8 87.0.0.0/8 88.0.0.0/8 >> 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8 93.0.0.0/8 94.0.0.0/8 >> 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8 123.0.0.0/8 >> 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8 200.0.0.0/8 >> 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8 >> 190.0.0.0/8</address> <descr>SMTP Block Known Spam >> Networks</descr> <type>network</type> <detail>smtp block spam >> Canada||smtp block Spam Canada||smtp block Spam Amsterdam||smtp >> block Spam Amsterdam||smtp block Spam Amsterdam|| smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Asia||smtp block Spam Amsterdam||smtp >> block Spam Amsterdam|| smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Amsterdam||smtp block Spam Amsterdam||smtp block Spam >> Mexico||smtp block Spam Mexico||smtp block Spam Mexico|| smtp >> block Spam Mexico||smtp block Spam Mexico||smtp block Spam >> Mexico||</detail> </alias> </aliases> >> >> >> Seems to work well. >> >> On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote: >> >>> I've attached my cleaned up XML of all the subnets I block. >>> Feel free to post it, or whatever you want to do with it. I >>> would have sent it to Joe Laffey, but I think my spam filter >>> got him. >>> >>> >>> Derrick >>> >>> -----Original Message----- From: Glenn Kelley >>> [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 >>> 10:43 AM To: [email protected] Subject: Re: [pfSense Support] >>> blockign china >>> >>> I would need to know perl . >>> >>> I have given my wife a few of those in the past.... hmmm >>> >>> going to her jewlery box >>> >>> all kidding aside - i think your right. >>> >>> I will see what I can come up w/ - i think this might help the >>> pfsense community @ large. In fact - it seems simple enough - >>> it might make a very simple pkg >>> >>> just a thought - >>> >>> I think if it were a pkg - it could then parse those lists >>> every month or so - cron job 1 time per month and then reinject >>> the changes >>> >>> This way it stays up to date... >>> >>> I would say 95% of the hacking attempts we are seeing in our >>> datacenter are all out of China and Korea - the last 5 % would >>> be say 4% from Russia and 1% from script kiddies in the US >>> >>> Then again 99.256% of all statistics are made up 98.721% of the >>> time >>> >>> I know my #'s are close however >>> >>> Glenn >>> >>> >>> On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote: >>> >>>> On Mon, 22 Sep 2008, Glenn Kelley wrote: >>>> >>>>> Thanks Joe - >>>>> >>>>> I saw that... >>>>> >>>>> My concern was typing all of those into the system one by >>>>> one by one... >>>>> >>>>> Its okay if I gotta do it :-) My hope was that someone >>>>> already has - and that they could put out that part of >>>>> their xml file - so the community could all benefit. >>>> >>>> >>>> I would think you could write a perl script to convert those >>>> into a segment of XML that you could then paste into a saved >>>> config. Then reload that config. >>>> >>>> >>>> >>>> -- Joe Laffey | Visual Effects for Film >>>> and Video LAFFEY Computer Imaging | >>>> ------------------------------------- St. Louis, MO >>>> | Show Reel http://LAFFEY.tv/?e11861 USA >>>> | ------------------------------------- . >>>> | -*- Digital Fusion Plugins -*- >>>> >>> >> ------------------------------------------------------------------------ >> >> >>> -- >>>> >>>> --------------------------------------------------------------------- >>>> >>>> >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] For >>>> additional commands, e-mail: [EMAIL PROTECTED] >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] For >>> additional commands, e-mail: [EMAIL PROTECTED] >>> >>> <Big Spammers .zip >>>> --------------------------------------------------------------------- >>>> >>>> >>> To unsubscribe, e-mail: [EMAIL PROTECTED] For >>> additional commands, e-mail: [EMAIL PROTECTED] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] For >> additional commands, e-mail: [EMAIL PROTECTED] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] For >> additional commands, e-mail: [EMAIL PROTECTED] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] > > - -- Claus Marxmeier Hausanschrift: Johann-Kierspel-Straße 5 51491 Overath - Immekeppel [EMAIL PROTECTED] http://www.marxmeier.de Phone +49 - 2204 - 305940 Mobil +49 - 172 - 5144659 ___________________________________________________________________________________________________ This computer is protected by netsecurity-database from www.netsecdb.de ___________________________________________________________________________________________________ Hinweis: Die vorliegende E-Mail enthält möglicherweise vertrauliche Daten. Falls Ihr Name nicht in der Liste der Adressaten erscheint, beachten Sie den Inhalt der E-Mail zunächst nicht weiter, öffnen Sie keine Dateianhänge und wenden Sie sich umgehend an den Absender [EMAIL PROTECTED] Sicherheitserklärung: Der Inhalt dieser E-Mail ist ausschliesslich fuer den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Ich bitte Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Ich moechte Sie ausserdem darauf hinweisen, dass die Kommunikation per E-Mail ueber das Internet unsicher ist, da fuer unberechtigte Dritte grundsaetzlich die Moeglichkeit der Kenntnisnahme und Manipulation besteht - auch wenn diese Nachricht durch einen Schlüssel signiert wurde. This message may contain confidential and/or privileged information. If you are not the intended recipient or have received this message in error please notify the sender immediately and delete this message. Any unauthorized copying, disclosure or distribution of the material contained in this message is strictly forbidden. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFI2QyIUIsBFYVeBxARAu3fAJ0Wa7nYFr8RhCKaYGiG/RFqJjWAFgCY15vL Nv7pUf1ratM+XqVEFEjixQ== =fG6V -----END PGP SIGNATURE-----
begin:vcard fn:Claus Marxmeier n:Marxmeier;Claus adr:;;Johann-Kierspel-Strasse 5;Overath-Immekeppel;NRW;51491;Deutschland email;internet:[EMAIL PROTECTED] tel;home:+49-2204-917365 tel;cell:+49-172-5144659 x-mozilla-html:FALSE url:http://ww.marxmeier.de version:2.1 end:vcard
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
