Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Upvoted not because the internet has ever been a safe haven, but for simply taking a moment to document the issue. But then again, I can't even give away a feed of what's bouncing off of my walls, drowning in my moat.

(An Alibaba /16? I block not just 3/8, but every AWS range I can find.)



It might be easier to block by ASN rather than hard-coding IP ranges. Something as simple as this in cron every 24 hours will help (adjust the ASNs in the bzgrep to your taste - and couple with occasional persistence so you don't get hit every reboot):

TEMPDIR=$(mktemp -d)

trap 'rm -r "$TEMPDIR"' EXIT

curl https://archive.routeviews.org/oix-route-views/oix-full-snap... -Lo "$TEMPDIR/snapshot.bz2"

bzgrep -e " (15828|213035|400377|399471|210654|46573|211252|62904|135542|132372|36352|209641|7552|36352|12876|53667|138608|150393|60781|138607) i" $TEMPDIR/snapshot.bz2 | cut -d" " -f 3 | sort | uniq > $TEMPDIR/badranges

iptables -N BAD_AS || true

iptables -D INPUT -j BAD_AS || true

iptables -A INPUT -j BAD_AS

iptables -F BAD_AS

for ROUTE in $(cat "$TEMPDIR/badranges"); do

    iptables -A BAD_AS -s $ROUTE -j DROP;
done


fyi aws have been publishing (since 2014) all their IP ranges in simple json format https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/

I'd hope other major clouds would do the same




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: