question about blocking a whole IP block
I keep getting these nice authentication failures that have a hostname of:
rhost=50-56-125-156.static.cloud-ips.com
I am trying to find out the correct IP address range to block to filter all incoming connections to my network from the static.cloud-ips.com network. So far I have been unsuccessful in finding out what their network address really is. Whois didn't give much info, nslookup has nothing, dig had very little helpful info.
WHOIS (whob) says:
Organization: Rackspace (+Slicehost)
AS: 19994
Prefix: 50.56.0.0/17
..which ROBTEX confirms.
Quote:
I tried to use just whois..
Actually that's not true. static.cloud-ips.com serves 3 prefixes: 50.56.128.0/17, 207.97.192.0/18 and 67.23.0.0/19, all Rackspace. I'm not saying that's complete wrt prefix coverage or that there aren't any other ranges in other ASNs.
Well, I got about 5000 hits from random addresses on their network, trying to brute force my SSH service. Other people have other types of break-in attempts they were reporting...
While I am not saying don't implement block lists (I myself do, especially with regards to emails), be sure that you are using them in conjunction with other, more reliable means of security.
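Added example, not part of any post in this thread: a way to decode the address from rhost= entries like the one in the question and count failures per prefix, using the four prefixes quoted in the replies. The log lines are constructed and abbreviated samples, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Prefixes quoted in the thread's replies (not verified as complete or current).
THREAD_PREFIXES = [ipaddress.ip_network(p) for p in (
    "50.56.0.0/17", "50.56.128.0/17", "207.97.192.0/18", "67.23.0.0/19")]

# PTR-style name as in the question, or a plain dotted quad after rhost=.
HOSTNAME = re.compile(
    r"rhost=(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.static\.cloud-ips\.com\b")
DOTTED = re.compile(r"rhost=(\d{1,3}(?:\.\d{1,3}){3})(?=\s|$)")

# Constructed sample lines; only the first rhost value appears in the thread.
SAMPLE_LINES = [
    "sshd[101]: authentication failure; rhost=50-56-125-156.static.cloud-ips.com user=root",
    "sshd[102]: authentication failure; rhost=50-56-125-156.static.cloud-ips.com user=admin",
    "sshd[103]: authentication failure; rhost=50-56-200-10.static.cloud-ips.com user=root",
    "sshd[104]: authentication failure; rhost=207.97.200.5 user=test",
    "sshd[105]: authentication failure; rhost=198.51.100.7 user=root",
    "sshd[106]: authentication failure; rhost=50-56-999-1.static.cloud-ips.com user=root",
]

def rhost_ip(line):
    """Address named in an auth-failure line, or None if absent or invalid.

    A PTR name is set by whoever runs the reverse zone, so the decoded address
    is a hint; confirm it against the logged source IP before blocking.
    """
    m = HOSTNAME.search(line)
    text = ".".join(m.groups()) if m else None
    if text is None:
        m = DOTTED.search(line)
        text = m.group(1) if m else None
    try:
        return ipaddress.ip_address(text) if text else None
    except ValueError:  # e.g. an octet above 255
        return None

def hits_per_prefix(lines, prefixes=THREAD_PREFIXES):
    """Count failures per covering prefix; list addresses no prefix covers."""
    counts, uncovered = Counter(), set()
    for line in lines:
        ip = rhost_ip(line)
        if ip is None:
            continue
        net = next((n for n in prefixes if ip in n), None)
        if net is None:
            uncovered.add(str(ip))
        else:
            counts[str(net)] += 1
    return counts, sorted(uncovered)
```

For the hostname in the question the decoded address is 50.56.125.156, which falls in 50.56.0.0/17 and not in 50.56.128.0/17. Addresses returned as uncovered show where a prefix list built this way has gaps.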