New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Trump & Iran
Charles_In_IT
Member
in General
Just wanted to start off by saying this is NOT a political post, please refrain from voicing your politics.
Since Trump knocked off that Iran general, I have seen a HUGE influx of IPs banging on my firewall door. Anyone else noticing/experiencing this?
Similar subnets like this: 46.38.144.0/24
https://bgp.he.net/ip/46.38.144.0
Comments
In all seriousness though, no - exact same amount of load as usual, all from China mainly.
Same. The majority of the shitty traffic to my servers is from China more than anywhere else.
The AS number advertising that is in Hong Kong (Tele Asia Limited): https://bgp.he.net/AS133398
The Iranian company whose name is listed had a different AS number that was only active from July 2019 to October 2019, which was previously routed via Tele Asia: https://bgp.he.net/AS208554
You're most likely just being attacked by someone in China using an IP block with stale whois info.
But I could be wrong, someone with more experience with BGP routing would know better.
So you’re saying there’s something troubling about unstoppable xtremist near Eastern techs?
Incompetent Iranian script kiddies do not make me lose sleep, even if they’re employed by Tehran.
Wow! Good catch! I normally block ALL China traffic, as much as I can, they're all garbage. I'll add this ASN to the block. Reminds me to keep a better eye on the ASN, not just the IP location. Thank you!
This gave me a good LOL! Typical Apple junk. Product of those Chinese sweatshops
Yea, I block China as much as I can. I don't see why everyone doesn't do it? They'll learn eventually, they can't get away with that behavior, when no one wants to play with them. Sometimes you gotta treat them like the back yard gimp step child they want to be LOL
Most of the Middle East routes through Asia and Russia, so if you just block all IP blocks being announced by any Asian and Russian ASNs then you should be covered (assuming you have no desire to do business there, which we do not).
RIPE has an API you can use to automate this: https://stat.ripe.net/docs/data_api
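An added example, not part of the original post: one way to turn the prefixes an ASN announces into firewall set entries, as the ASN-based blocking above suggests. The JSON is a constructed sample in the shape assumed for RIPEstat's `announced-prefixes` data call, AS64496 and the prefixes are documentation values, and the function and set names are hypothetical.

```python
import ipaddress
import json

# Constructed sample (assumed shape of the RIPEstat data call
# https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS64496).
SAMPLE_RESPONSE = json.dumps({"status": "ok", "data": {"prefixes": [
    {"prefix": "198.51.100.0/25"}, {"prefix": "198.51.100.128/25"},
    {"prefix": "203.0.113.0/24"}, {"prefix": "203.0.113.64/26"},
    {"prefix": "2001:db8::/32"}, {"prefix": "not-a-prefix"},
    {"prefix": "0.0.0.0/0"},
]}})


def prefixes_from_response(body, min_v4_len=8, min_v6_len=16):
    """Return (v4, v6) lists of collapsed networks from one API response."""
    doc = json.loads(body)
    if doc.get("status") != "ok":
        raise ValueError("API reported a non-ok status")
    v4, v6 = [], []
    for entry in doc["data"]["prefixes"]:
        try:
            net = ipaddress.ip_network(entry["prefix"], strict=False)
        except ValueError:
            continue  # skip malformed entries instead of aborting the run
        # Refuse very broad prefixes: a leaked default route in the data
        # would otherwise turn into a rule that blocks everything.
        limit = min_v4_len if net.version == 4 else min_v6_len
        if net.prefixlen < limit:
            continue
        (v4 if net.version == 4 else v6).append(net)
    # Merge adjacent and overlapping prefixes so the set stays small.
    return (list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)))


def ipset_restore_lines(asn, v4, v6):
    """Build lines in the format read by `ipset restore`."""
    name4, name6 = f"block-as{asn}-v4", f"block-as{asn}-v6"
    lines = [f"create {name4} hash:net family inet",
             f"create {name6} hash:net family inet6"]
    lines += [f"add {name4} {net}" for net in v4]
    lines += [f"add {name6} {net}" for net in v6]
    return lines


if __name__ == "__main__":
    nets4, nets6 = prefixes_from_response(SAMPLE_RESPONSE)
    print("\n".join(ipset_restore_lines(64496, nets4, nets6)))
```

Announcements change over time, as the stale whois example earlier in the thread shows, so a list built this way needs to be regenerated on a schedule rather than loaded once.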
In my mind, we need to turn the Great Firewall of China into a firewall facing the opposite way.
Every box with a public IP I've ever run over the last 10+ years eventually gets a bunch of Chinese IPs knocking on its door. Occasionally from other countries, but always from China.
Hell yeah:
Diving down further:
Bye bye to that range:
They're not targeting customers so:
https://clbin.com/m24dX
No idea if this has any relation to the mentioned events, but always happy to catch someone flying under radar and swapping out IPs just enough to avoid blocks.
I don't know if it's related, but I did observe odd things. A lot of requests from IPs without reverse, a lookup showing they are coming from the Middle East, China and Russia. It did last for some hours.
Among all my filters, I block IPs without reverse.
CC_DENY RU,CN,TW,SG,IL,MX,BR,AG,IN,SG,SC :-o That leaves USA as the biggest culprits in hack attempts/port scanning.
It's so terrible here in Singapore that you've had to block us twice
Why not add HK also?
Does blocking China from accessing a server also mean visitors from Hong Kong will be blocked?
Oops, my usual typo - yes HK, in place of one SG
Note: I have an exception on one USA server, 'cos they have a client in MX.
P.S. Singnomore ain't such a bad place, having lived there as a kid, for a few years.
Anyway, it was just an example of what I usually have in place: Oz servers could have FR,DE etc. added to the list. Using an external source, I also block all AmazonWS. Additionally, this can be problematic if a particular GeoIP isn't up to date (hello, Virmach).
My VPS died once because Iran bombed it. They screwed up my BW usage in just 2 days.
Why are they attacking servers in Germany?