The following list(s) can be used for defensive purposes. Please make sure you double check your ethernet cards (em0,fxp0,eth0,hme0,etc)
Single Addresses list
Netblocks list
E.g.:
IPTables
wget -qO - http://www.infiltrated.net/voipabuse/addresses.txt |\
awk '{print "iptables -A INPUT -s "$1" -j DROP"}'
PF
Make sure you place voipabuse in pf.conf
table voipabuse persist
block on YOUR_ETH_CARD from voipabuse to any
wget -qO - http://www.infiltrated.net/voipabuse/addresses.txt |\
awk '{print "/sbin/pfctl -t spammers -Tadd "$1}'
IPFW
wget -qO - http://www.infiltrated.net/voipabuse/addresses.txt |\
awk '{print "ipfw block in on all from "$1" to any"}'
It is your choice whether to block a single address or an entire netblock. I choose to block an entire netblock as most of the offenders are not my
clients nor is there anyone in my network connecting TO them. Should someone complain on the other end of the scope - from an attacking space to me - they can deal with
their provider.
Sent from Philip K. (Thanks for the nudge)
A quick alternate method for pf(4) is to have the following in /etc/pf.conf(5):
table persist file "/etc/pf.voipabuse.txt"
block in quick from
And then update with:
# curl -o /etc/pf.voipabuse.txt http://www.infiltrated.net/voipabuse/addresses.txt
# pfctl -t voipabuse -T replace -f /etc/pf.voipabuse.txt
and I might actually suggest for the file creation command something like:
# curl -s http://www.infiltrated.net/voipabuse/addresses.txt http://www.infiltrated.net/voipabuse/netblocks.txt > /etc/pf.voipabuse.txt
to get both Single Address and Netblocks lists at the same time in the same file.
That keeps a local persistent copy of the abuse list that will be reloaded on reboot without needing to re-fetch the remote copy.
|
