←back to thread

The internet is no longer a safe haven

(brainbaking.com)
253 points akyuu | 3 comments | 16 Nov 25 13:12 UTC | HN request time: 0.442s | source
1. m3047 ◴[16 Nov 25 18:15 UTC] No.45947136[source]
Upvoted not because the internet has ever been a safe haven, but for simply taking a moment to document the issue. But then again, I can't even give away a feed of what's bouncing off of my walls, drowning in my moat.

(An Alibaba /16? I block not just 3/8, but every AWS range I can find.)

replies(2): >>45947313 #>>45948542 #
2. zokier ◴[16 Nov 25 18:40 UTC] No.45947313[source]
fyi aws have been publishing (since 2014) all their IP ranges in simple json format https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/

I'd hope other major clouds would do the same

3. A1kmm ◴[16 Nov 25 21:25 UTC] No.45948542[source]
It might be easier to block by ASN rather than hard-coding IP ranges. Something as simple as this in cron every 24 hours will help (adjust the ASNs in the bzgrep to your taste - and couple with occasional persistence so you don't get hit every reboot):

TEMPDIR=$(mktemp -d)

trap 'rm -r "$TEMPDIR"' EXIT

curl https://archive.routeviews.org/oix-route-views/oix-full-snap... -Lo "$TEMPDIR/snapshot.bz2"

bzgrep -e " (15828|213035|400377|399471|210654|46573|211252|62904|135542|132372|36352|209641|7552|36352|12876|53667|138608|150393|60781|138607) i" $TEMPDIR/snapshot.bz2 | cut -d" " -f 3 | sort | uniq > $TEMPDIR/badranges

iptables -N BAD_AS || true

iptables -D INPUT -j BAD_AS || true

iptables -A INPUT -j BAD_AS

iptables -F BAD_AS

for ROUTE in $(cat "$TEMPDIR/badranges"); do

    iptables -A BAD_AS -s $ROUTE -j DROP;
done