
A1kmm | 3 months ago

It might be easier to block by ASN rather than hard-coding IP ranges. Something as simple as this in cron every 24 hours will help (adjust the ASNs in the bzgrep to your taste - and couple with occasional persistence so you don't get hit every reboot):

  #!/bin/sh
  # Rebuild a BAD_AS chain from the latest route-views table dump.
  TEMPDIR=$(mktemp -d)
  trap 'rm -r "$TEMPDIR"' EXIT

  curl -fsSL https://archive.routeviews.org/oix-route-views/oix-full-snap... -o "$TEMPDIR/snapshot.bz2"

  # -E: the (a|b|c) alternation needs extended regex. The pattern keeps routes whose
  # origin AS (the last AS before the "i" origin code) is in the list; field 3 is the prefix.
  bzgrep -E -e " (15828|213035|400377|399471|210654|46573|211252|62904|135542|132372|36352|209641|7552|36352|12876|53667|138608|150393|60781|138607) i" "$TEMPDIR/snapshot.bz2" | cut -d" " -f 3 | sort -u > "$TEMPDIR/badranges"

  # Create the chain if missing and make sure INPUT jumps to it exactly once, then refill it.
  iptables -N BAD_AS 2>/dev/null || true
  iptables -D INPUT -j BAD_AS 2>/dev/null || true
  iptables -A INPUT -j BAD_AS
  iptables -F BAD_AS

  while read -r ROUTE; do
    iptables -A BAD_AS -s "$ROUTE" -j DROP
  done < "$TEMPDIR/badranges"
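An added example, not part of A1kmm's comment: a Python version of the prefix extraction that parses a dump in the `show ip bgp` layout the route-views snapshot is assumed to use, takes the last path element as the origin AS for any origin code (the comment's grep only catches routes ending in ` i`), collapses adjacent prefixes, and emits an `ipset restore` script so the firewall needs one set match instead of one rule per prefix. The sample table and the ASNs in it are constructed.

```python
import ipaddress
import re

# Constructed sample in the assumed "show ip bgp" layout: status flags, an optional
# network column (continuation lines for the same prefix leave it empty), next hop,
# metric/pref/weight numbers, the AS path and an origin code (i, e or ?).
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0/24       4.68.4.46                0             0 3356 13335 i
*>                  12.0.1.63                              0 7018 13335 i
*  198.51.100.0/25  4.68.4.46                0             0 3356 64500 i
*> 198.51.100.128/25 12.0.1.63                             0 7018 64500 i
*  203.0.113.0/24   4.68.4.46                0             0 3356 64500 i
*  203.0.113.0/24   12.0.1.63                              0 7018 64499 64500 ?
*  192.0.2.0/24     4.68.4.46                0             0 3356 {64496,64497} e
"""

ROUTE_LINE = re.compile(r"^\*>?[a-z]?\s*(?P<net>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})?\s+(?P<rest>.+)$")
ORIGIN_CODES = {"i", "e", "?"}

def origin_asns(path_tokens):
    """Origin AS(es) of an AS path; a trailing {a,b} AS-set yields all of its members."""
    if not path_tokens:
        return set()
    last = path_tokens[-1]
    if last.startswith("{") and last.endswith("}"):
        return {int(a) for a in last[1:-1].split(",") if a}
    return {int(last)} if last.isdigit() else set()

def prefixes_for_asns(snapshot_text, bad_asns):
    """Every prefix originated by one of bad_asns, with adjacent/overlapping nets collapsed."""
    found, current = set(), None
    for line in snapshot_text.splitlines():
        m = ROUTE_LINE.match(line)
        if not m:
            continue
        if m.group("net"):
            current = ipaddress.ip_network(m.group("net"), strict=False)
        tokens = m.group("rest").split()
        if current is None or not tokens or tokens[-1] not in ORIGIN_CODES:
            continue
        # The token just before the origin code is the origin AS, whichever code closes the line.
        if origin_asns(tokens[:-1]) & bad_asns:
            found.add(current)
    return sorted(ipaddress.collapse_addresses(found))

def ipset_restore_lines(networks, setname="bad_as"):
    """Script for `ipset restore`: recreate the set idempotently and add one entry per prefix."""
    lines = [f"create {setname} hash:net -exist", f"flush {setname}"]
    return lines + [f"add {setname} {n.with_prefixlen}" for n in networks]
```

Feed the output to `ipset restore` and match the set once from the firewall with `iptables -I INPUT -m set --match-set bad_as src -j DROP`.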
