Saturday, February 05, 2005
blocking apnic's ip's from my ftp
i got tired of the occasional hack attempts on my ftp server, always from china, so i decided to block all the apnic ip ranges. it's the blue region on the map.
just bored, i guess. but it would be more straightforward just to allow specific ip's instead, since it's secured access only, pretty much for my own use.
anyway, you can get the ip ranges using this whois query. you can also get them from other sources.
not that the “attacks” were very imaginative. just a list of common user ids, with a list of passwords tried for each.
apnic ip ranges

ip             subnet mask
58.0.0.0       254.0.0.0
60.0.0.0       254.0.0.0
124.0.0.0      254.0.0.0
126.0.0.0      255.0.0.0
202.0.0.0      254.0.0.0
210.0.0.0      254.0.0.0
218.0.0.0      254.0.0.0
220.0.0.0      254.0.0.0
222.0.0.0      255.0.0.0
196.192.0.0    255.248.0.0
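The ip / subnet mask pairs above, turned into CIDR networks and used to check a connecting address. This is an added example, not code from the original post; the `ALLOWED` entry and the sample source addresses are constructed (documentation ranges), and the `allowlist` mode sketches the "allow specific ip's instead" alternative the post mentions.

```python
import ipaddress

# ip / subnet-mask pairs exactly as listed in the post
BLOCKED_RANGES = """
58.0.0.0 254.0.0.0
60.0.0.0 254.0.0.0
124.0.0.0 254.0.0.0
126.0.0.0 255.0.0.0
202.0.0.0 254.0.0.0
210.0.0.0 254.0.0.0
218.0.0.0 254.0.0.0
220.0.0.0 254.0.0.0
222.0.0.0 255.0.0.0
196.192.0.0 255.248.0.0
"""

def load_networks(text):
    """Parse 'ip mask' rows into ip_network objects (mask -> prefix length)."""
    nets = []
    for line in text.strip().splitlines():
        ip, mask = line.split()
        # strict=True raises if a row has host bits set under its mask,
        # which catches typos in a hand-maintained list
        nets.append(ipaddress.ip_network(f"{ip}/{mask}", strict=True))
    return nets

NETWORKS = load_networks(BLOCKED_RANGES)

# constructed allowlist entry (assumption): the one address that should reach the ftp
ALLOWED = [ipaddress.ip_network("192.0.2.10/32")]

def is_blocked(addr):
    a = ipaddress.ip_address(addr)
    return any(a in n for n in NETWORKS)

def decide(addr, mode="blocklist"):
    """blocklist: deny listed ranges, allow the rest. allowlist: deny by default."""
    if mode == "allowlist":
        a = ipaddress.ip_address(addr)
        return "allow" if any(a in n for n in ALLOWED) else "deny"
    return "deny" if is_blocked(addr) else "allow"

if __name__ == "__main__":
    for n in NETWORKS:
        print(f"{n.with_prefixlen:18} {n[0]} - {n[-1]}")
    # constructed sample sources
    for src in ("59.1.2.3", "196.200.0.1", "198.51.100.7", "192.0.2.10"):
        print(src, decide(src), decide(src, "allowlist"))
```

A 254.0.0.0 mask is a /7, so each of those rows covers two /8 blocks (58.0.0.0 also covers 59.x.x.x). In blocklist mode anything outside the listed ranges still gets through, while allowlist mode denies it.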
i wonder what the ultimate goal was anyway. idle hacking? and no other ports were attempted.
two sources of attacks:
“weihai zhongxin mansion”? mansion? whatever.
the first time i did what you're supposed to do, which is contact the abuse address for the smallest containing subnet with log files, etc. but, eh, why bother. i wonder what kind of results people get from those sorts of complaints, depending on combinations of the country of origin of the complainer and complainee. i wonder if it mirrors corresponding levels of political cooperation, or lack thereof.
internet behavior reflects its users. when it was mainly science based, everything was open, and one would expect cooperation. never heard much in the way of instances of hacking or viruses from back then. contrast that with the present day net.