Russian Federation IP addresses banned

by on Feb.22, 2009, under General Info

Just in case there were any valid readers coming from Russia, I must apologize. I have blocked all traffic coming from Russia, due to a spoofed DNS attack appearing to come from invest-pool.ru servers.
Also, in case you’re wondering who is affected by this block, here’s a CIDR list of the Russian Federation IP address space.

If the spoofed DNS attack appearing to emanate from invest-pool.ru stops, I’ll lift the ban.
Thanks for the info, Kiter. I figured it may be something like that, but had no way to be sure.


5 Comments for this entry

  • Kiter

    This attack doesn’t come from invest-pool.ru! They are the victims of a spoofed dns attack. Just make sure your dns is not responding to ‘. NS/IN’ requests and/or drop all incoming udp packets from the specific sources.

  • ksc

    I'm getting the same thing from the same source, and did the same thing – drop all of Russia. I already had {additional-from-cache no; recursion no;} set, but it’s just annoying.

    # <ru_nets> is a placeholder: the table name is missing from the comment as shown here
    table <ru_nets> persist file "/etc/badhosts.ru"
    block drop in quick on { $ext_if, $int_if } from <ru_nets> to any

    Of course this doesn’t stop the 3-4 queries a second.

  • Jeff

    I’m just curious, where did you get the list?

  • brian

    Hi Jeff,

    You can get a CIDR list by country here:
    http://www.countryipblocks.net/index.php
    There are quite a few places online to find this information, but this is where I happened to get it from this time.

    Brian

  • Jeff

    Cool, thanks Brian.
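
Kiter's advice to find and drop the specific sources, as an added example (not code from the post or its commenters): it counts `. IN NS` queries per client in a query log and renders the heavy senders one per line, the layout a pf `persist file` table like ksc's reads. The log lines are constructed, and the BIND 9 style query-log layout, the threshold of 3 and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a BIND 9 query log (assumed format).
SAMPLE_LOG = """\
22-Feb-2009 10:15:01.101 client 203.0.113.7#31337: query: . IN NS +
22-Feb-2009 10:15:01.402 client 203.0.113.7#31337: query: . IN NS +
22-Feb-2009 10:15:01.733 client 203.0.113.7#31337: query: . IN NS +
22-Feb-2009 10:15:02.010 client 198.51.100.20#53211: query: www.example.org IN A +
22-Feb-2009 10:15:02.120 client 203.0.113.7#31337: query: . IN NS +
22-Feb-2009 10:15:02.500 client 192.0.2.44#40112: query: . IN NS +
22-Feb-2009 10:15:03.050 client 203.0.113.9#1024: query: . IN NS +
22-Feb-2009 10:15:03.300 client 203.0.113.9#1024: query: . IN NS +
22-Feb-2009 10:15:03.900 client 203.0.113.9#1024: query: . IN NS +
"""

# client <addr>#<port>: query: <name> <class> <type>
QUERY_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

def root_ns_sources(log_text, threshold=3):
    """Return {source_ip: count} for sources with >= threshold '. IN NS' queries."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and (m["name"], m["cls"], m["type"]) == (".", "IN", "NS"):
            counts[m["src"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def pf_table_lines(sources):
    """Render flagged sources one address per line, as a pf table file expects."""
    return "\n".join(sorted(sources)) + "\n" if sources else ""

if __name__ == "__main__":
    flagged = root_ns_sources(SAMPLE_LOG)
    for ip, n in sorted(flagged.items()):
        # The source address is forged: this host is the target of the reflection.
        print(f"{ip}: {n} root NS queries (spoofed source, likely the victim)")
    print(pf_table_lines(flagged), end="")
```

Because the source addresses are forged, the flagged hosts are the targets of the reflected traffic; dropping their queries keeps the name server from answering toward them.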

