Lockout a country.

Discussion in 'Computer Security' started by Reffo, Jan 4, 2005.

  1. Reffo

    Reffo Guest

    Hi.

    I'm not trying to be like George Bush, but I got the idea from this issue.

    I'm having a website where Nigerian people can't find anything else
    then addresses for spam. And, I've seen that they are registering to get
    access
    to members lists etc.

    Since I feel that I can live without Nigerian IP's on my website, I would
    love to know
    how I could lock out Nigerian IP's!

    I know the terms in .htaccess Deny from xxx.xxx.xxx.

    Else? Just to lockout that country?

    -Reffo
     
    Reffo, Jan 4, 2005
    #1
    1. Advertising

  2. Reffo

    donnie Guest

    On Tue, 4 Jan 2005 03:17:42 +0100, "Reffo" <> wrote:

    >Hi.
    >
    >I'm not trying to be like George Bush, but I got the idea from this issue.
    >
    >I'm having a website where Nigerian people can't find anything else
    >then addresses for spam. And, I've seen that they are registering to get
    >access
    >to members lists etc.
    >
    >Since I feel that I can live without Nigerian IP's on my website, I would
    >love to know
    >how I could lock out Nigerian IP's!
    >
    >I know the terms in .htaccess Deny from xxx.xxx.xxx.
    >
    >Else? Just to lockout that country?
    >
    >-Reffo
    >

    ################################
    I don't know about writing rule sets to block entire contries but you
    can start to gather some info at:
    http://www.jidaw.com/isp.html
    donnie
     
    donnie, Jan 5, 2005
    #2
    1. Advertising

  3. Reffo

    Jim Guest

    Reffo wrote on 1/3/2005 9:17 PM:
    > Hi.
    >
    > I'm not trying to be like George Bush, but I got the idea from this issue.
    >
    > I'm having a website where Nigerian people can't find anything else
    > then addresses for spam. And, I've seen that they are registering to get
    > access
    > to members lists etc.
    >
    > Since I feel that I can live without Nigerian IP's on my website, I would
    > love to know
    > how I could lock out Nigerian IP's!
    >
    > I know the terms in .htaccess Deny from xxx.xxx.xxx.
    >
    > Else? Just to lockout that country?
    >
    > -Reffo
    >
    >

    Whats with the cheap W shot? Moron. Spain would be a much better
    example. If only we would back down, they wouldnt bomb us any more...
    Wait....

    Jim
     
    Jim, Jan 5, 2005
    #3
  4. Reffo

    Moe Trin Guest

    In article <R2nCd.79549$>, Reffo wrote:

    >Since I feel that I can live without Nigerian IP's on my website, I would
    >love to know how I could lock out Nigerian IP's!


    Fix your firewall.

    [compton ~/incoming]$ grep Nigeria domains
    NG Nigeria
    [compton ~/incoming]$ zgrep NG IP.ADDR/stats/[ALR]*
    IP.ADDR/stats/RIPE.gz:NG 62.173.32.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 62.193.160.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 80.248.0.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 80.250.32.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 81.18.32.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 81.24.0.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 82.128.0.0 255.255.128.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 195.166.224.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 196.200.0.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 196.200.112.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 196.200.64.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 196.202.160.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 196.202.224.0 255.255.248.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 212.100.64.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 213.166.160.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 213.181.64.0 255.255.224.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 217.117.0.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 217.14.80.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:NG 217.78.64.0 255.255.240.0 allocated
    [compton ~/incoming]$

    Now, should they try to connect using a proxy server...

    Old guy
     
    Moe Trin, Jan 5, 2005
    #4
  5. Reffo

    Leythos Guest

    In article <R2nCd.79549$>, nospam@ja-
    takk.com says...
    > Hi.
    >
    > I'm not trying to be like George Bush, but I got the idea from this issue.
    >
    > I'm having a website where Nigerian people can't find anything else
    > then addresses for spam. And, I've seen that they are registering to get
    > access
    > to members lists etc.
    >
    > Since I feel that I can live without Nigerian IP's on my website, I would
    > love to know
    > how I could lock out Nigerian IP's!
    >
    > I know the terms in .htaccess Deny from xxx.xxx.xxx.
    >
    > Else? Just to lockout that country?


    There is no clear way to just block a country as some IP get intermixed
    in locations, but, using a program called VisualRoute I've managed to
    block most of the Nasty places.

    I'm in the USA and only have a couple countries that I work with outside
    the US, here's my block list:

    12.144.182.0/24
    12.45.203.0/24
    12.98.139.0/24
    155.48.106.0/24
    172.184.111.203
    193.251.0.0/16
    193.252.0.0/16
    193.253.0.0/16
    195.58.124.0/24
    200.30.203.0/24
    202.88.186.0/24
    203.152.22.0/24
    205.251.79.0/24
    210.173.37.0/24
    210.201.153.0/24
    210.71.115.0/24
    212.150.124.0/24
    212.18.57.0/24
    212.202.178.0/24
    212.27.32.0-212.27.63.255
    212.9.7.0/24
    213.13.26.0/24
    213.190.213.0/24
    213.228.7.0/24
    216.184.97.0/24
    216.76.35.0/24
    217.118.224.0/24
    217.118.225.0/24
    217.160.110.0/24
    217.224.0.0-217.237.161.47
    217.80.0.0-217.89.31.255
    218.164.28.0/24
    218.252.74.0/24
    218.67.128.0-218.29.255.255
    218.69.108.0/24
    218.69.148.0/24
    218.76.98.0/24
    219.212.4.0/24
    219.56.0.0/24
    219.97.93.0/24
    61.135.148.0/24
    61.175.239.0/24
    61.181.0.0/16
    61.218.19.0/24
    61.33.206.0/24
    61.48.18.0/24
    62.154.0.0/17
    64.230.125.0/24
    66.250.125.0/24
    66.250.32.0/24
    66.28.35.131
    66.57.133.0/24
    80.117.220.0/24
    80.12.255.0/24
    80.145.85.0/24
    80.201.16.0/24
    81.56.58.0-81.56.59.255


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Jan 5, 2005
    #5
  6. Reffo

    donnie Guest

    On Tue, 04 Jan 2005 20:00:21 -0500, Jim <> wrote:

    >Whats with the cheap W shot? Moron. Spain would be a much better
    >example. If only we would back down, they wouldnt bomb us any more...
    >Wait....
    >
    >Jim

    ###########################
    Are you saying that he should block Spain instead?
    donnie
     
    donnie, Jan 5, 2005
    #6
  7. Reffo

    Moe Trin Guest

    In article <>,
    Leythos wrote:

    >There is no clear way to just block a country as some IP get intermixed
    >in locations, but, using a program called VisualRoute I've managed to
    >block most of the Nasty places.


    Other than knowing which servers to ask, what does 'VisualRoute' tell you
    that 'whois' doesn't? (I really don't care about intermediate hops that
    can't be blocked, and I know what a map looks like.) And is the information
    any more reliable?

    >I'm in the USA and only have a couple countries that I work with outside
    >the US, here's my block list:


    You seem to be using classless notation only for /16s and /24s... no, I see
    a single /17. That might help avoid typos:

    >218.67.128.0-218.29.255.255


    I suspect that should be

    218.67.128.0 - 218.69.255.255 Tianjing province network CHINANET-TJ

    but APNIC says

    CN 218.56.0.0 255.252.0.0 allocated
    CN 218.62.0.0 255.255.128.0 allocated
    CN 218.62.128.0 255.255.128.0 allocated
    CN 218.63.0.0 255.255.0.0 allocated
    CN 218.64.0.0 255.254.0.0 allocated
    CN 218.66.0.0 255.255.0.0 allocated
    CN 218.67.0.0 255.255.128.0 allocated
    CN 218.67.128.0 255.255.128.0 allocated
    CN 218.68.0.0 255.254.0.0 allocated
    CN 218.70.0.0 255.254.0.0 allocated
    CN 218.72.0.0 255.248.0.0 allocated
    CN 218.80.0.0 255.240.0.0 allocated
    CN 218.96.0.0 255.252.0.0 allocated

    218.56.0.0/13
    218.64.0.0/11
    218.96.0.0/14 does it in three, or

    218.56.0.0-218.99.255.255 does it in one.

    Of course, if you are trying to block China...

    [compton ~]$ zgrep -c '^CN' IP.ADDR/stats/[ALR]* | grep -v ':0'
    IP.ADDR/stats/APNIC.gz:775
    IP.ADDR/stats/ARIN.gz:3
    [compton ~]$ zgrep -h '^CN' IP.ADDR/stats/[ALR]* | cut -d'.' -f1 | sort |
    uniq -c | sort -n +2 | column
    21 CN 59 1 CN 161 7 CN 192 33 CN 211 56 CN 222
    30 CN 60 1 CN 162 1 CN 198 46 CN 218
    67 CN 61 1 CN 166 289 CN 202 27 CN 219
    1 CN 134 1 CN 167 59 CN 203 10 CN 220
    1 CN 159 1 CN 168 69 CN 210 56 CN 221
    [compton ~]$

    That's just the first octet (based on RIR zone files grabbed Sunday).

    Old guy
     
    Moe Trin, Jan 5, 2005
    #7
  8. Reffo

    Leythos Guest

    In article <>,
    says...
    > In article <>,
    > Leythos wrote:
    >
    > >There is no clear way to just block a country as some IP get intermixed
    > >in locations, but, using a program called VisualRoute I've managed to
    > >block most of the Nasty places.

    >
    > Other than knowing which servers to ask, what does 'VisualRoute' tell you
    > that 'whois' doesn't? (I really don't care about intermediate hops that
    > can't be blocked, and I know what a map looks like.) And is the information
    > any more reliable?


    Visual Route provides a very nice spreadsheet that lets me see every %
    Loss, IP Address, Node Name, Location, TimeZone, ms time, a time graph,
    and the Network owner.

    I like the ability to click on the network owner name and get a full
    list of IP's they own.

    >
    > >I'm in the USA and only have a couple countries that I work with outside
    > >the US, here's my block list:

    >
    > You seem to be using classless notation only for /16s and /24s... no, I see
    > a single /17. That might help avoid typos:


    When I started I use to just enter single IP's and then ranges, and now
    I've just moved to blocking the /xx when I have time to calculate it. I
    have not gone back and calculated the addresses and I've not gone back
    to see if any should be removed.

    > >218.67.128.0-218.29.255.255

    >
    > I suspect that should be
    >
    > 218.67.128.0 - 218.69.255.255 Tianjing province network CHINANET-TJ


    Nice catch, I missed that. I will have to update it so I don't block
    more than intended.

    The thing I like most about VR is that I can see the entire hop count
    and have a clickable item for every column/row that expands into more
    information than having to do several lookups. When I get a probe from
    country X, I can see the full path to them (every network) and with just
    a few simple clicks I can see every network that the hop owns and block
    it.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Jan 6, 2005
    #8
  9. Reffo

    Moe Trin Guest

    In article <>,
    Leythos wrote:

    >In article <>,
    > says...


    >> Other than knowing which servers to ask, what does 'VisualRoute' tell you
    >> that 'whois' doesn't? (I really don't care about intermediate hops that
    >> can't be blocked, and I know what a map looks like.)


    >Visual Route provides a very nice spreadsheet that lets me see every %
    >Loss, IP Address, Node Name, Location, TimeZone, ms time, a time graph,
    >and the Network owner.


    And this helps you exactly how? I don't know how your network is set,
    but every upstream I've worked with in the past eight years has been
    ignoring Source Routing, and that's the only control you have on where
    your packets go when routing from "here" to "there". You have no control
    at all at how packets are routed from "there" to "here". The IPs of the
    intermediate hops only become known when using a network diagnostic
    like traceroute (or clones). There is nothing in a packet that comes
    from $THERE that tells where it's been, so what do you do with the
    information you gain?

    I'm assuming the program uses ICMP echos with incremental TTL values like
    the Microsoft "tracert" (or the *nix "mtr" application from bitwizard).
    Given that some routers/firewalls are dropping pings, have you compared
    results using the original Unix version of traceroute (defaults to UDP)
    or the Linux TCP version??

    >I like the ability to click on the network owner name and get a full
    >list of IP's they own.


    And you can't get this from 'whois'?

    >When I started I use to just enter single IP's and then ranges, and now
    >I've just moved to blocking the /xx when I have time to calculate it.


    1878 Variable Length Subnet Table For IPv4. T. Pummill, B. Manning.
    December 1995. (Format: TXT=19414 bytes) (Obsoletes RFC1860) (Status:
    INFORMATIONAL)

    Grab a copy of RFC1878 from your favorite mirror.

    >I have not gone back and calculated the addresses and I've not gone back
    >to see if any should be removed.


    Generally speaking, CIDR notation is faster than writing out the bit mask
    (and equally useful), and takes less CPU cycles to evaluate than a from/to
    list. The from/to list is _usually_ easier to visualize. Of course, the
    zone reports from the RIRs use yet another system (number of IPs in a block)
    which is even more useless. Part of the script I use that processes these
    zone files converts the counts to CIDR when easy, though I'm still able
    to comprehend 3840 hosts as the equivalent of 15 x 256. Above an
    assignment of a /24, the RIRs nearly always are allocating some multiple
    of 256 - though I have seen a couple I swear have to be typos on someone's
    part.

    >> >218.67.128.0-218.29.255.255

    >>
    >> I suspect that should be
    >>
    >> 218.67.128.0 - 218.69.255.255 Tianjing province network CHINANET-TJ

    >
    >Nice catch, I missed that. I will have to update it so I don't block
    >more than intended.


    I've no idea how a firewall would interpret the higher to lower number.
    One hopes they have a sanity check, and don't try 218.67.128.0 through
    255.255.255.255, then wrap 0.0.0.0 to 218.29.255.255.

    >The thing I like most about VR is that I can see the entire hop count
    >and have a clickable item for every column/row that expands into more
    >information than having to do several lookups. When I get a probe from
    >country X, I can see the full path to them (every network) and with just
    >a few simple clicks I can see every network that the hop owns and block
    >it.


    I'm assuming you mean the end points. For me, many routes to the Far East
    pass through Los Angles, San Francisco, Portland OR, Seattle, Salt Lake
    City or Denver, but blocking the IP ranges of those routers does absolutely
    nothing other than break traceroute at those hops, because their IPs never
    appear in the packets from APNIC, nor can I cause my packets to go
    elsewhere. Sending complaints to (for example) AT&T Long Lines that they
    shouldn't be carrying packets from/to $COUNTRY does no good, because I'm
    not a customer of theirs anyway.

    Old guy
     
    Moe Trin, Jan 7, 2005
    #9
  10. Reffo

    Leythos Guest

    In article <>,
    says...
    > In article <>,
    > Leythos wrote:
    >
    > >In article <>,
    > > says...

    >
    > >> Other than knowing which servers to ask, what does 'VisualRoute' tell you
    > >> that 'whois' doesn't? (I really don't care about intermediate hops that
    > >> can't be blocked, and I know what a map looks like.)

    >
    > >Visual Route provides a very nice spreadsheet that lets me see every %
    > >Loss, IP Address, Node Name, Location, TimeZone, ms time, a time graph,
    > >and the Network owner.

    >
    > And this helps you exactly how? I don't know how your network is set,
    > but every upstream I've worked with in the past eight years has been
    > ignoring Source Routing, and that's the only control you have on where
    > your packets go when routing from "here" to "there". You have no control
    > at all at how packets are routed from "there" to "here". The IPs of the
    > intermediate hops only become known when using a network diagnostic
    > like traceroute (or clones). There is nothing in a packet that comes
    > from $THERE that tells where it's been, so what do you do with the
    > information you gain?
    >
    > I'm assuming the program uses ICMP echos with incremental TTL values like
    > the Microsoft "tracert" (or the *nix "mtr" application from bitwizard).
    > Given that some routers/firewalls are dropping pings, have you compared
    > results using the original Unix version of traceroute (defaults to UDP)
    > or the Linux TCP version??


    When I to a VR I get the NOC info for every hop, that's the nice part
    for me - full owner info and block. It means that I can quickly get the
    info from one source while viewing everything. Sure, I know it can be
    done after a tracert by doing individual looks, but that would require
    more work - since I use and love VR it's just a simple click to see what
    path takes me to the probing IP - the info along the path is what I'm
    looking for.

    > >I like the ability to click on the network owner name and get a full
    > >list of IP's they own.

    >
    > And you can't get this from 'whois'?


    Sure, as can anyone, but, as I said, it's a very nice, all inclusive,
    type interface. Why would I want to take the extra steps when it's a
    single click on the GUI to see it all?

    [snip]
    > >> >218.67.128.0-218.29.255.255
    > >>
    > >> I suspect that should be
    > >>
    > >> 218.67.128.0 - 218.69.255.255 Tianjing province network CHINANET-TJ

    > >
    > >Nice catch, I missed that. I will have to update it so I don't block
    > >more than intended.

    >
    > I've no idea how a firewall would interpret the higher to lower number.
    > One hopes they have a sanity check, and don't try 218.67.128.0 through
    > 255.255.255.255, then wrap 0.0.0.0 to 218.29.255.255.


    Yea, I think it ignored the range. I've since corrected it.

    > >The thing I like most about VR is that I can see the entire hop count
    > >and have a clickable item for every column/row that expands into more
    > >information than having to do several lookups. When I get a probe from
    > >country X, I can see the full path to them (every network) and with just
    > >a few simple clicks I can see every network that the hop owns and block
    > >it.

    >
    > I'm assuming you mean the end points. For me, many routes to the Far East
    > pass through Los Angles, San Francisco, Portland OR, Seattle, Salt Lake
    > City or Denver, but blocking the IP ranges of those routers does absolutely
    > nothing other than break traceroute at those hops, because their IPs never
    > appear in the packets from APNIC, nor can I cause my packets to go
    > elsewhere. Sending complaints to (for example) AT&T Long Lines that they
    > shouldn't be carrying packets from/to $COUNTRY does no good, because I'm
    > not a customer of theirs anyway.


    The block list appears to block anything from the ranges I specify -
    since the probe comes from a foreign host and since I can see all the
    other hops and that they are foreign, it allow me to block their ranges
    too. While I may not have got a probe from hop 15, if I can see that hop
    15 is some place in Korea and it's network block assignment, I can block
    it before I get probed. It's nice to see the list (I don't use the map
    function, only the spreadsheet mode).

    I added 220.72.0.0/12 tonight along with 211.54.40.0/25

    I don't even bother complaining to anyone outside the US, it almost
    never does any good. It's easier to block their network and just not
    have to deal with them. If there is no reason for anyone in country XYZ
    to hit our servers I don't see any reason I should expose the network to
    them.

    Here's a link to their site http://www.visualiptrace.com/index.html


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Jan 7, 2005
    #10
  11. Reffo

    Moe Trin Guest

    In article <>,
    Leythos wrote:

    >When I to a VR I get the NOC info for every hop, that's the nice part
    >for me - full owner info and block. It means that I can quickly get the
    >info from one source while viewing everything. Sure, I know it can be
    >done after a tracert by doing individual looks, but that would require
    >more work


    Understand the 'one place to look' concept. I just never bother with
    anything but the last hop, as that's really the only one you can do
    anything about. As for finding what block is in what country, I find
    it easier to use the RIR databases. Want to know all of the networks in
    Suriname (domain SR) or Syria (domain SY)?

    [compton ~]$ zgrep 'S[RY]' IP.ADDR/stats/[ALR]*
    IP.ADDR/stats/LANIC.gz:SR 200.1.156.0 255.255.252.0 assigned
    IP.ADDR/stats/LANIC.gz:SR 200.2.160.0 255.255.240.0 allocated
    IP.ADDR/stats/RIPE.gz:SY 82.137.192.0 255.255.192.0 allocated
    IP.ADDR/stats/RIPE.gz:SY 213.178.224.0 255.255.224.0 allocated
    [compton ~]$

    Done! (By the way, there are just under 66,000 blocks assigned in IPv4.)

    I rarely use a tool that depends on ICMP echo as does tracert or mtr,
    because of the frequent dropped packets. Even the UDP version it getting
    less useful because of firewalls. That's where the TCP version comes in
    handy - as it's RARELY blocked.

    >since I use and love VR it's just a simple click to see what path takes
    >me to the probing IP - the info along the path is what I'm looking for.


    Usually, only the last hop or three is relevant. I just did three traces
    to the 211.54.40.0/25 you mention below, and was routed via Verio through
    several hops in California thence to Seattle, to HINET in Taipei and then
    to KORNET when tracing to TCP:80, and to broadwing.net in Hayward California,
    and direct to KORNET when tracing to UDP or TCP:53. And it's repeatable
    which I find strange. Somebody upstream has some strange routing policy
    setups at the moment.

    >The block list appears to block anything from the ranges I specify -
    >since the probe comes from a foreign host and since I can see all the
    >other hops and that they are foreign, it allow me to block their ranges
    >too. While I may not have got a probe from hop 15, if I can see that hop
    >15 is some place in Korea and it's network block assignment, I can block
    >it before I get probed.


    As you have little business overseas, it might just be simpler to set a
    permitted range of networks you want to hear from, and ignore the rest. That
    is the base philosophy of Wietse Venema's tcpwrappers (man 5 hosts_access).

    >I added 220.72.0.0/12 tonight along with 211.54.40.0/25


    See RFC1878. 220.72 isn't on a /12 boundary. You may want 220.64.0.0/12
    which is 220.64.0.0 - 220.95.255.255 which is five different blocks assigned
    to Korea.

    [compton ~]$ zgrep ' 220.[5-9][0-9]' IP.ADDR/stats/APNIC.gz
    KR 220.64.0.0 255.248.0.0 allocated
    KR 220.72.0.0 255.248.0.0 allocated
    KR 220.80.0.0 255.248.0.0 allocated
    KR 220.88.0.0 255.252.0.0 allocated
    KR 220.92.0.0 255.252.0.0 allocated
    JP 220.96.0.0 255.252.0.0 allocated
    [compton ~]$

    As far as 211.54.40.0/25 goes, you could simplify that to 211.32/12 because
    the 37 blocks from 211.32.0.0 to 211.63.255.255 are all in Korea.

    >I don't even bother complaining to anyone outside the US, it almost
    >never does any good. It's easier to block their network and just not
    >have to deal with them. If there is no reason for anyone in country XYZ
    >to hit our servers I don't see any reason I should expose the network to
    >them.


    For certain countries, that's saving you the frustration. There are several
    that have a real 'pride' problem, who tend to send complaints to /dev/null.
    My home setup is simple, because I don't offer any services, and therefore
    don't accept inbounds from anywhere. At work, it's a good bit more complex
    because we do business overseas, but it's not unbearable.

    >Here's a link to their site http://www.visualiptrace.com/index.html


    Hmmm, a Java app. Funny that the requirements for Linux are "Linux 2.2.5-15"
    No I don't know if that refers to 2.2.5 to 2.2.15 (I don't know of any
    current distro using a kernel that old - the "current" 2.2.x kernel is
    2.2.27, and all current distros are 2.4.26 to 2.4.28, or 2.6.6 to 2.6.10)
    or it refers to what they saw with uname -a in which case it refers to an
    ancient kernel from Red Hat - 2.2.5-15 was the out-of-box kernel for RH6.0
    back in 1999. Actually, the kernel is totally irrelevant to a Java app.
    Wonder why it's x86 only. Java shouldn't care. The Sloaris 2.5 is also
    ancient (2.10 should be out this year), and they ignore the *BSD family
    except for the OSX derivative.

    Lots of handwaving - but I don't see the price listed on the web site.

    Old guy
     
    Moe Trin, Jan 8, 2005
    #11
  12. Reffo

    Reffo Guest

    I do also need to say that since every interests from
    Nigeria is for getting confirmed e-mail addresses, there are
    tousands of reasons for locking them out.

    Scammers?!
    Oh yes, offered millions of US$ ? ...From Nigeria...
    Well known as Nigeria Mail.

    -Reffo
     
    Reffo, Jan 8, 2005
    #12
  13. Reffo

    Jim Watt Guest

    On Sat, 08 Jan 2005 12:26:36 GMT, "Reffo" <> wrote:

    >I do also need to say that since every interests from
    >Nigeria is for getting confirmed e-mail addresses, there are
    >tousands of reasons for locking them out.
    >
    >Scammers?!
    >Oh yes, offered millions of US$ ? ...From Nigeria...
    >Well known as Nigeria Mail.
    >
    >-Reffo


    for less than $26m in dirty money see

    http://www.geobytes.com/

    who have the solution you are looking for.



    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jan 8, 2005
    #13
  14. Reffo

    Leythos Guest

    In article <Xns95D8825CA632awrench4allnuts@130.133.1.4>,
    says...
    > Leythos <> confessed in
    > news::
    >
    > > In article <R2nCd.79549$>, nospam@ja-
    > > takk.com says...
    > >> Hi.
    > >>
    > >> I'm not trying to be like George Bush, but I got the idea from this

    > issue.
    > >>
    > >> I'm having a website where Nigerian people can't find anything else
    > >> then addresses for spam. And, I've seen that they are registering to get
    > >> access
    > >> to members lists etc.
    > >>
    > >> Since I feel that I can live without Nigerian IP's on my website, I

    > would
    > >> love to know
    > >> how I could lock out Nigerian IP's!
    > >>
    > >> I know the terms in .htaccess Deny from xxx.xxx.xxx.
    > >>
    > >> Else? Just to lockout that country?

    > >
    > > There is no clear way to just block a country as some IP get intermixed
    > > in locations, but, using a program called VisualRoute I've managed to
    > > block most of the Nasty places.
    > >
    > > I'm in the USA and only have a couple countries that I work with outside
    > > the US, here's my block list:
    > >
    > > 12.144.182.0/24
    > > 12.45.203.0/24
    > > 12.98.139.0/24
    > > 155.48.106.0/24
    > > 172.184.111.203
    > > 193.251.0.0/16
    > > 193.252.0.0/16
    > > 193.253.0.0/16
    > > 195.58.124.0/24
    > > 200.30.203.0/24
    > > 202.88.186.0/24
    > > 203.152.22.0/24
    > > 205.251.79.0/24
    > > 210.173.37.0/24
    > > 210.201.153.0/24
    > > 210.71.115.0/24
    > > 212.150.124.0/24
    > > 212.18.57.0/24
    > > 212.202.178.0/24
    > > 212.27.32.0-212.27.63.255
    > > 212.9.7.0/24
    > > 213.13.26.0/24
    > > 213.190.213.0/24
    > > 213.228.7.0/24
    > > 216.184.97.0/24
    > > 216.76.35.0/24
    > > 217.118.224.0/24
    > > 217.118.225.0/24
    > > 217.160.110.0/24
    > > 217.224.0.0-217.237.161.47
    > > 217.80.0.0-217.89.31.255
    > > 218.164.28.0/24
    > > 218.252.74.0/24
    > > 218.67.128.0-218.29.255.255
    > > 218.69.108.0/24
    > > 218.69.148.0/24
    > > 218.76.98.0/24
    > > 219.212.4.0/24
    > > 219.56.0.0/24
    > > 219.97.93.0/24
    > > 61.135.148.0/24
    > > 61.175.239.0/24
    > > 61.181.0.0/16
    > > 61.218.19.0/24
    > > 61.33.206.0/24
    > > 61.48.18.0/24
    > > 62.154.0.0/17
    > > 64.230.125.0/24
    > > 66.250.125.0/24
    > > 66.250.32.0/24
    > > 66.28.35.131
    > > 66.57.133.0/24
    > > 80.117.220.0/24
    > > 80.12.255.0/24
    > > 80.145.85.0/24
    > > 80.201.16.0/24
    > > 81.56.58.0-81.56.59.255


    read the thread - I had a typo in one of the ranges:
    > > 218.67.128.0-218.29.255.255


    should have been 218.69.255.255 on the end.

    I've also added about 8 more networks since that post :)

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Jan 8, 2005
    #14
  15. Reffo

    IPGrunt Guest

    Leythos <> confessed in
    news::

    > In article <R2nCd.79549$>, nospam@ja-
    > takk.com says...
    >> Hi.
    >>
    >> I'm not trying to be like George Bush, but I got the idea from this

    issue.
    >>
    >> I'm having a website where Nigerian people can't find anything else
    >> then addresses for spam. And, I've seen that they are registering to get
    >> access
    >> to members lists etc.
    >>
    >> Since I feel that I can live without Nigerian IP's on my website, I

    would
    >> love to know
    >> how I could lock out Nigerian IP's!
    >>
    >> I know the terms in .htaccess Deny from xxx.xxx.xxx.
    >>
    >> Else? Just to lockout that country?

    >
    > There is no clear way to just block a country as some IP get intermixed
    > in locations, but, using a program called VisualRoute I've managed to
    > block most of the Nasty places.
    >
    > I'm in the USA and only have a couple countries that I work with outside
    > the US, here's my block list:
    >
    > 12.144.182.0/24
    > 12.45.203.0/24
    > 12.98.139.0/24
    > 155.48.106.0/24
    > 172.184.111.203
    > 193.251.0.0/16
    > 193.252.0.0/16
    > 193.253.0.0/16
    > 195.58.124.0/24
    > 200.30.203.0/24
    > 202.88.186.0/24
    > 203.152.22.0/24
    > 205.251.79.0/24
    > 210.173.37.0/24
    > 210.201.153.0/24
    > 210.71.115.0/24
    > 212.150.124.0/24
    > 212.18.57.0/24
    > 212.202.178.0/24
    > 212.27.32.0-212.27.63.255
    > 212.9.7.0/24
    > 213.13.26.0/24
    > 213.190.213.0/24
    > 213.228.7.0/24
    > 216.184.97.0/24
    > 216.76.35.0/24
    > 217.118.224.0/24
    > 217.118.225.0/24
    > 217.160.110.0/24
    > 217.224.0.0-217.237.161.47
    > 217.80.0.0-217.89.31.255
    > 218.164.28.0/24
    > 218.252.74.0/24
    > 218.67.128.0-218.29.255.255
    > 218.69.108.0/24
    > 218.69.148.0/24
    > 218.76.98.0/24
    > 219.212.4.0/24
    > 219.56.0.0/24
    > 219.97.93.0/24
    > 61.135.148.0/24
    > 61.175.239.0/24
    > 61.181.0.0/16
    > 61.218.19.0/24
    > 61.33.206.0/24
    > 61.48.18.0/24
    > 62.154.0.0/17
    > 64.230.125.0/24
    > 66.250.125.0/24
    > 66.250.32.0/24
    > 66.28.35.131
    > 66.57.133.0/24
    > 80.117.220.0/24
    > 80.12.255.0/24
    > 80.145.85.0/24
    > 80.201.16.0/24
    > 81.56.58.0-81.56.59.255
    >
    >


    Quite useful! Thanks.

    -- ipgrunt
     
    IPGrunt, Jan 8, 2005
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. BoBi
    Replies:
    0
    Views:
    372
  2. BoBi
    Replies:
    0
    Views:
    323
  3. BoBi
    Replies:
    0
    Views:
    396
  4. BoBi
    Replies:
    0
    Views:
    326
  5. BoBi
    Replies:
    0
    Views:
    319
Loading...

Share This Page