rweaver |
05-04-2010 06:03 PM |
What you will want to do is find their netblock and use iptables to drop that entirely. Basically something like (although this may not be accurate, mind)...
Code:
core:~# dig www.alicedsl.de
; <<>> DiG 9.5.1-P3 <<>> www.alicedsl.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28825
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.alicedsl.de. IN A
;; ANSWER SECTION:
www.alicedsl.de. 345460 IN A 85.183.254.1
;; AUTHORITY SECTION:
alicedsl.de. 234509 IN NS ns2.hansenet.de.
alicedsl.de. 234509 IN NS ns1.hansenet.de.
;; ADDITIONAL SECTION:
ns1.hansenet.de. 83836 IN A 213.191.73.65
ns2.hansenet.de. 85754 IN A 213.191.74.20
;; Query time: 29 msec
;; SERVER: 74.200.192.133#53(74.200.192.133)
;; WHEN: Tue May 4 17:53:57 2010
;; MSG SIZE rcvd: 126
core:~# whois -h whois.arin.net 85.183.254.1
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 85.0.0.0 - 85.255.255.255
CIDR: 85.0.0.0/8
NetName: 85-RIPE
NetHandle: NET-85-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2004-04-01
Updated: 2009-05-18
# ARIN WHOIS database, last updated 2010-05-03 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
Found a referral to whois.ripe.net:43.
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '85.176.0.0 - 85.183.255.255'
inetnum: 85.176.0.0 - 85.183.255.255
org: ORG-HTG2-RIPE
netname: DE-HANSENET-20041029
descr: PROVIDER Local Registry
descr: HanseNet Telekommunikation GmbH
country: DE
admin-c: DM3738-RIPE
tech-c: SA1375-RIPE
tech-c: TG819-RIPE
tech-c: ASZ-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: HANSENET-NOC
mnt-routes: HANSENET-MNT
source: RIPE # Filtered
organisation: ORG-HTG2-RIPE
org-name: HanseNet Telekommunikation GmbH
org-type: LIR
address: HanseNet Telekommunikation GmbH
Danny Maack
Ueberseering 33a
22297 Hamburg
GERMANY
phone: +49 40 23726 0
fax-no: +49 40 23726 193996
admin-c: DM3738-RIPE
mnt-ref: HANSENET-NOC
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
person: Danny Maack
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: D-22297 Hamburg
address: GERMANY
phone: +49 40 237 26 0
fax-no: +49 40 237 26 3996
abuse-mailbox: abuse@hansenet.com
nic-hdl: DM3738-RIPE
mnt-by: HANSENET-MNT
source: RIPE # Filtered
person: Andreas Schwarz
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33a
address: 22297 Hamburg
address: Germany
phone: +49 40 23726 0
fax-no: +49 40 23726 3772
remarks: PGP/GPG Key ID 0x3C40103A
nic-hdl: ASZ-RIPE
mnt-by: ASZ-MNT
source: RIPE # Filtered
person: Thomas Graumann
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: 22297 Hamburg
address: Germany
address: DE
phone: +49 40 23726 3294
fax-no: +49 4023726 3772
abuse-mailbox: abuse@hansenet.com
nic-hdl: TG819-RIPE
mnt-by: HANSENET-MNT
source: RIPE # Filtered
person: Svend Andersen
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: D-22297 Hamburg
address: GERMANY
phone: +49 40 237 26 3235
fax-no: +49 40 237 26 3772
abuse-mailbox: abuse@hansenet.com
nic-hdl: SA1375-RIPE
mnt-by: HANSENET-NOC
source: RIPE # Filtered
% Information related to '85.176.0.0/13AS13184'
route: 85.176.0.0/13
descr: HANSENET
origin: AS13184
mnt-by: HANSENET-MNT
source: RIPE # Filtered
Which tells you basically that their IP range is 85.176.0.0 - 85.183.255.255 or 85.176.0.0/21 (8 class C blocks)... so you can block them by using an iptables rule like the following which will prevent all traffic to and from them:
Code:
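# Drop all traffic from and to 85.176.0.0 - 85.183.255.255.
# That inetnum range is 85.176.0.0/13 (see the route object in the whois output).
iptables -A INPUT -s 85.176.0.0/13 -j DROP
iptables -A OUTPUT -d 85.176.0.0/13 -j DROP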
YMMV; if you want to ditch all of Europe you could drop RIPE's IP ranges... which, if memory serves me, are 62/8, 77-91/8, 193-195/8, and a few others I can't remember... you can search for it if you want the information.
Edit: just as a clarification, alicedsl.de doesn't seem to have their own netblock so you're blocking their provider. If you have the addresses connecting to you, verify those addresses are in the netblock you want to block.
|
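Added example, not part of rweaver's post: a Python sketch that turns the `inetnum` range from the RIPE answer into its exact CIDR form (85.176.0.0 - 85.183.255.255 is 85.176.0.0/13, matching the `route:` object) and checks which connecting addresses actually fall inside it before any DROP rule is written. The `SEEN` addresses and all function names are constructed for illustration; the code also handles ranges that do not collapse to a single prefix.

```python
import ipaddress
import re

# Constructed sample: the inetnum line from the RIPE output quoted in the post.
WHOIS_SAMPLE = """\
inetnum: 85.176.0.0 - 85.183.255.255
netname: DE-HANSENET-20041029
"""

# Constructed addresses standing in for clients seen in your own logs.
SEEN = ["85.176.4.20", "85.183.254.1", "85.184.0.9", "213.191.73.65"]


def inetnum_to_cidrs(whois_text):
    """Return the minimal list of CIDR prefixes covering the inetnum range."""
    m = re.search(r"^inetnum:\s*(\S+)\s*-\s*(\S+)", whois_text, re.M)
    if not m:
        raise ValueError("no inetnum line found")
    first, last = (ipaddress.IPv4Address(x) for x in m.groups())
    # A range that is not prefix-aligned yields several networks here.
    return list(ipaddress.summarize_address_range(first, last))


def split_by_block(addresses, cidrs):
    """Separate addresses that are inside the netblock from those outside."""
    inside, outside = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        (inside if any(ip in net for net in cidrs) else outside).append(addr)
    return inside, outside


def drop_rules(cidrs):
    """Build the INPUT/OUTPUT DROP rules in the form used in the post."""
    rules = []
    for net in cidrs:
        rules.append(f"iptables -A INPUT -s {net} -j DROP")
        rules.append(f"iptables -A OUTPUT -d {net} -j DROP")
    return rules


if __name__ == "__main__":
    cidrs = inetnum_to_cidrs(WHOIS_SAMPLE)
    inside, outside = split_by_block(SEEN, cidrs)
    print("covered by block:", inside)
    print("not covered:     ", outside)
    print("\n".join(drop_rules(cidrs)))
```

Addresses reported as not covered belong to a different allocation and need their own whois lookup before being blocked.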