Blocking port range

Street · 10 Mar 2008 at 13:00

We use a Linux box at work to host a number of domains and email.. However, for the last few days we have been getting spammed constantly from addresses on the following range..

168.95.5.0

The amount of mails coming in is completely bogging down our server and is filling up the log files.

I have tried using iptables to block all incoming attempts from that range using..

iptables -I INPUT -s 168.95.5.0/168.95.5.255 -j DROP

I have rebooted the box but the connections are still coming through!

Anyone got any other ideas on how I can block them?

Cheers,
Andy

rick827 · 10 Mar 2008 at 13:14

Correct me if im wrong.. but isnt the correct syntax

"168.95.5.0-168.95.5.255" OR..
"168.95.5.0/255.255.255.0" OR..
"168.95.5.0/24"

?

Street · 10 Mar 2008 at 13:15

Ahha yeh I'll give it a go thanks!

Street · 10 Mar 2008 at 13:40

Hmm, that still doesn't seem to be stopping the spammers hitting our server.. Anyone got any other ideas on how to stop it?

.walls · 10 Mar 2008 at 15:03

Would you not be better dropping everything by default and opening only what you need?

Code:

#!/bin/bash
iptables --flush  
iptables -P INPUT DROP  
iptables -P FORWARD DROP  
iptables -P OUTPUT DROP  
iptables -A INPUT -i lo -j ACCEPT  
iptables -A OUTPUT -o lo -j ACCEPT  
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dport 80,443 -j ACCEPT
iptables <other rules>

EDIT: - ok not exactly what you were asking, but I think it's a better solution.