-
March 22nd, 2002, 01:36 AM
#1
how can i block an entire continent?
up until a couple of week ago, smtp/pop3 was fine. then the mis director decided we needed norton av for smtp gateways. I could not get both smtp authentication and av gateway to work at the same time so we brought in a consultant last wed.
The consultant says it can't be done, that as long as we use smtp w/norton we can't authenticate. the smtp sever needs to 'not authenticate all requests from the av server. It looks like we might get exchange, but it will take some time, 2 weeks to a month for the powers that be to decide.
Today i notice that someone in thiland has hi-jacked my server to relay spam, creating a log file 24 meg over normal. were talking serious spam.
I can't deal with this. I hate fu##en spam.
the corp says we must have av gateway and relay is essential for the work that they do.
the way i see it my only alternative is to filter out entire ip ranges. We have no dealins with S E asia so maybe blocking the whole lot and other misc spamhauses ain't a bad idea.
In ISA i can filter deny smtp to a range of ip addresses, but i don't quite understand it
the rage they ask for is:
subnet: xxx.xxx.xxx.xxx
mask: xxx.xxx.xxx.xxx
now given the block the spammer owns 202.198.0.1 - 202.198.255.255 how is this info calculated.
i tried to enter, under 'block this computer', 202.198.0.0 hoping to include everything included in 202.198, but that didn't work.
anybody have any idea?
ps if any one knows what the ip range is for s.e. asia that would be appreciated. not that all spam comes from their but much of it does.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 22nd, 2002, 01:48 AM
#2
Now, i have never worked with that software. But if it works anything like the IRC bans. I have done it with romania. Banned *.ro and 195.*
That is probably not what you are looking for, but it is the closest i have ever done to banning a whole country/continent.
-
March 22nd, 2002, 02:00 AM
#3
thats what i was trying to do with 202.198.0.0 where zeros include all numbers. the format dosn't allow wild cards and zero to seem to mean all. :-(
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 22nd, 2002, 02:07 AM
#4
http://www.hildrum.com/IPAddress.htm
that's a bit of info about IP Addresses work...
as far a blocking any particular set...you'd have to determine the ISP's set, then whittle it down from there...not easy.
Ouroboros
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
-Occam's Razor
-
March 22nd, 2002, 02:27 AM
#5
i guess it would be easier to have the router drop all packets from asia-pac (202.0.0.0 - 203.255.255.255)
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 22nd, 2002, 02:33 AM
#6
hmm if you can get yourself a good ol trusty packet annalyzer.. u can filter out 202.198 and block it..
-
March 23rd, 2002, 09:39 PM
#7
i configured my router's outside interface to deny all traffic from those ip ranges. screw'em the only things i ever get from asia.pac are break-in attemps and spam.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|