How to block * ?

  • How can I block the entire * ?

    I'm tired of hacker/cracker wannabes coming from *

    How can I block it?


  • I did put a Firewall Aliases as

    Then I put them on firewall rules.

    Is that correct?

  • No it didn't.

    It just blocked


  • With firewall rules it is not that easy.

    As you said: just blocks this domain but no subdomains.
    To block it by firewall you need all subdomains or all IP subnets.

    The other possibility could be squid + squidguard and block

  • I see.

    The problem is that they aren't using any IP to the hosts, so it looks like I'll need to look for CIDRs.

  • @Nachtfalke:

    The other possibility could be squid + squidguard and block

    That would only be for egress traffic, and only for * sites. Sounds like he's referring to every host on Verizon's network, and ingress rather than egress traffic.

    You'll have to create an alias with their CIDR IP blocks to accomplish that. Though I doubt that's actually going to accomplish much if anything for you, there are countless far more malicious networks. US ISPs in general will quickly shut down abuse when it's reported, but God help you with Eastern Europe, China, and many other regions. I report a lot of abuse against our networks, US and western Europe get the best response. Eastern Europe and much of Asia, as much as half the time the abuse emails bounce, and for the remainder you almost never hear back and commonly see abuse continuing.

    You should also determine whether it's really a port scan (blocking of TCP:S), or if it's backscatter noise from things like spoofed source TCP SYN floods (where you're blocking TCP:SA). The former is something to report to their abuse, the latter is just an unfortunate fact of life on the Internet when a host on their network is being attacked. And it's frequently misinterpreted as something on their network "scanning" you; SYN ACKs are not that.
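
An added example, not part of the thread or any poster's code: it sorts blocked log entries into SYN probes (TCP:S) and SYN-ACK backscatter (TCP:SA), the distinction drawn in the last reply, and notes whether each source falls inside the CIDR blocks an alias would hold. The log line layout, the CIDR ranges and every address are constructed assumptions; this is not the firewall's real log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholder CIDRs (documentation ranges) standing in for the
# ISP's real blocks that the firewall alias would contain.
ALIAS_CIDRS = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed, simplified log lines (assumed layout, not the real firewall log format).
SAMPLE_LOG = """\
block wan 198.51.100.7:40112 -> 192.0.2.10:22 TCP:S
block wan 198.51.100.7:40113 -> 192.0.2.10:23 TCP:S
block wan 198.51.100.7:40114 -> 192.0.2.10:3389 TCP:S
block wan 203.0.113.80:80 -> 192.0.2.10:51514 TCP:SA
block wan 203.0.113.80:80 -> 192.0.2.10:9921 TCP:SA
block wan 192.0.2.200:53122 -> 192.0.2.10:445 TCP:S
pass wan 198.51.100.9:50000 -> 192.0.2.10:443 TCP:S
"""

LINE_RE = re.compile(r"^(block|pass) (\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+) TCP:([A-Z]+)$")

def in_alias(ip):
    """True when the address falls inside any of the alias CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALIAS_CIDRS)

def classify(flags):
    """A bare SYN is a connection attempt; SYN+ACK is a reply to someone else's SYN."""
    if flags == "S":
        return "probe"
    if flags == "SA":
        return "backscatter"
    return "other"

def summarize(log_text):
    """Per blocked source: alias membership, counts per class, ports probed."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "block":
            continue  # skip unparsable lines and passed traffic
        src, dport, kind = m.group(3), int(m.group(6)), classify(m.group(7))
        entry = stats.setdefault(
            src, {"in_alias": in_alias(src), "counts": Counter(), "dst_ports": set()})
        entry["counts"][kind] += 1
        if kind == "probe":
            entry["dst_ports"].add(dport)
    return stats
```

A source with only backscatter entries, like the constructed 203.0.113.80 above, is a host answering spoofed SYNs rather than one scanning you.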