#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Posts
    6
    Rep Power
    0

    Blocking entire IP blocks


    Hi forum members,
    I'm learning Linux on a server I've leased for that purpose. Can anyone tell me how to block IP addresses from entire regions or countries, such as Indonesia, Korea, China, etc?

    I just get too many suspicious probes from those areas.

    Thanks... toodles,
    Diana
  2. #2
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    You'll get "suspicious probes" from all over the world soon. If you want to block the whole world, just don't get on-line.

    Better keep your software up-to-date and read some security mailing lists so you know which software needs to be upgraded / disabled until an upgrade is available.

    Many people all over the world use dynamic IPs. If you block them, they'll come back with another IP address within 24 hrs. If you block a whole country, they'll come back using proxies in another country.

    Most "suspicious probes" as you call them are viruses (or worms). They'll spread all over the world and there is no way to prevent them trying to take over your box too. As said earlier, keep your software up-to-date and you don't need to worry about them.

    To answer your question and satisfy your curiosity:
    When you add rules to your ip chains, you can supply a network mask. This is used to mark a whole range of IPs. e.g.

    192.168.1.1/24 is 192.168.1.0 - 192.168.1.255
    192.168.1.1/16 is 192.168.0.0 - 192.168.255.255

    The number after the slash is the number of bits that will be taken for checking if an IP falls into the range or not.
    i.e. 24 bits = only the first three bytes are checked, the fourth byte can be any value = 192.168.1.0 - 192.168.1.255

    This is called a "netmask". They (netmasks) can also be expressed in a more IP-like manner: 255.255.255.0 (three bytes "1", one byte "0" - same as above. Do you get the idea?)

    M.
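The prefix-length arithmetic from the post above, written out as an added example that is not part of the original thread. It goes one step beyond the post by also handling a prefix that does not fall on a byte boundary (/20); the function names and the sample source addresses are made up for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits: the IPv4 address width


def _split(cidr):
    """Parse 'a.b.c.d/n' into (address as int, netmask as int)."""
    addr_text, _, bits_text = cidr.partition("/")
    bits = int(bits_text)
    if not 0 <= bits <= 32:
        raise ValueError(f"prefix length out of range: {bits}")
    mask = (FULL << (32 - bits)) & FULL  # n leading one-bits, rest zero
    return int(ipaddress.IPv4Address(addr_text)), mask


def cidr_range(cidr):
    """Return (first address, last address, dotted netmask) of the block."""
    addr, mask = _split(cidr)
    first = addr & mask            # host bits cleared
    last = first | (~mask & FULL)  # host bits all set
    return tuple(str(ipaddress.IPv4Address(v)) for v in (first, last, mask))


def in_block(ip, cidr):
    """True if ip shares the block's first n bits, i.e. a /n rule matches it."""
    addr, mask = _split(cidr)
    return int(ipaddress.IPv4Address(ip)) & mask == addr & mask


def agrees_with_stdlib(cidr):
    """Cross-check the hand-rolled arithmetic against the ipaddress module."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False: host bits allowed
    expected = (str(net.network_address), str(net.broadcast_address), str(net.netmask))
    return cidr_range(cidr) == expected


if __name__ == "__main__":
    # Blocks from the post, plus /20 as a prefix that is not on a byte boundary.
    for block in ("192.168.1.1/24", "192.168.1.1/16", "192.168.1.1/20"):
        print(block, cidr_range(block), agrees_with_stdlib(block))
    # Constructed sample source addresses checked against the /24 from the post.
    for src in ("192.168.1.77", "192.168.2.1"):
        print(src, in_block(src, "192.168.1.1/24"))
```

Because the host bits are masked off before comparison, 192.168.1.1/24 and 192.168.1.0/24 describe the same block.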
  4. #3
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Posts
    6
    Rep Power
    0

    the whole world in his hands... he's got the whole world in his hands...


    You'll get "suspicious probes" from all over the world soon.
    I get your point. And I agree with you under present world circumstances.

    I'll keep my attention focused on updated software, and read some of the security mailing lists.
    This is called a "netmask". They (netmasks) can also be expressed in a more IP-like manner: 255.255.255.0 (three bytes "1", one byte "0" - same as above. do you get the idea?)
    Explained in terms even my dyslexic, chemically imbalanced brain can decipher. I am most appreciative for your consideration.

    Diana
