[Snort-sigs] Question about Chinese IP addresses

Dean Freeman wfreeman at ...435...
Mon Mar 12 10:27:32 EDT 2012


Miso,

You can try http://www.countryipblocks.net/country-blocks/ for starters.
Also, you can try verifying the location/owner of an IP via prefix whois.
For example:

$ whois -h whois.pwhois.org 223.221.0.1
IP: 223.221.0.1
Origin-AS: 4134
Prefix: 223.220.0.0/15
AS-Path: 286 4134
AS-Org-Name: Beijing
Org-Name: CHINANET Qinghai Province Network
Net-Name: CHINANET-QH
Cache-Date: 1330988780
Latitude: 36.000000
Longitude: 96.000000
City: QINGHAI
Region: QINGHAI
Country: CHINA

On Mon, Mar 12, 2012 at 10:17 AM, Miso Patel <miso.patel at ...2420...> wrote:

> Does anyone have a good list of IP addresses allocated to China?  I don't
> do any business there and I get so much Unsolicited/Malicious traffic
> from them that I am tired of it and want to block the whole country.
> Recently the sweet-and-sour SYN has gotten more sour....  I suppose I could
> block APNIC but I would like to leave India open.
>
> Sorry to spam the snort-sigs list, I just thought someone here may know.
> AFAIK, Snorts/VRT doesn't maintain IP block rules like Emerging Threats (and
> I suppose if VRT did it would be 30 days delayed unless you paid so that
> isn't very useful for the community but some of the timely stuff on the
> Emerging Thetan list has come in handy but I digress....)
>
> To sum up, I am tired of China making passes at my systems, touching them
> inappropriately, and would like to implement a reverse Great Firewall of
> China.  Please let me know off-list if you have a good set of known bad
> Chinese IPs.
>
> Thanks.
>
> -Miso, CISO



-- 
Dean Freeman
Research Engineer
Sourcefire VRT - Department of Intelligence
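
Added example (not part of the original message, and not Sourcefire or pWhois code): a Python sketch that parses saved prefix-whois responses in the "Key: value" layout shown above and turns the ones for a given country into a collapsed CIDR block list. The function names are hypothetical; the first sample record uses fields from the message, the others are constructed to exercise the skip paths.

```python
import ipaddress

def parse_pwhois(text):
    """Parse one 'Key: value' response into a dict with lower-cased keys."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            record[key.strip().lower()] = value.strip()
    return record

def prefixes_for_country(responses, country):
    """Return collapsed CIDR prefixes from responses whose Country matches."""
    nets = []
    for text in responses:
        rec = parse_pwhois(text)
        if rec.get("country", "").upper() != country.upper():
            continue
        try:
            net = ipaddress.ip_network(rec["prefix"], strict=True)
            ip = ipaddress.ip_address(rec["ip"])
        except (KeyError, ValueError):
            continue  # incomplete or malformed record: never block on it
        if ip in net:  # sanity check: the prefix must cover the queried IP
            nets.append(net)
    # collapse_addresses() rejects mixed IP versions, so collapse each separately
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in (*v4, *v6)]

SAMPLE_RESPONSES = [
    # Fields taken from the response quoted in the message
    "IP: 223.221.0.1\nOrigin-AS: 4134\nPrefix: 223.220.0.0/15\nCountry: CHINA\n",
    # Constructed: more-specific prefix, absorbed into the /15 above
    "IP: 223.220.8.8\nPrefix: 223.220.0.0/16\nCountry: CHINA\n",
    # Constructed: other country (documentation range), not blocked
    "IP: 198.51.100.7\nPrefix: 198.51.100.0/24\nCountry: EXAMPLELAND\n",
    # Constructed: prefix does not cover the queried IP, skipped
    "IP: 203.0.113.5\nPrefix: 192.0.2.0/24\nCountry: CHINA\n",
    # Constructed: no Prefix field, skipped
    "IP: 203.0.113.9\nCountry: CHINA\n",
]

if __name__ == "__main__":
    for cidr in prefixes_for_country(SAMPLE_RESPONSES, "china"):
        print(cidr)
```

Working from looked-up prefixes rather than single addresses keeps the block list short, and the skip paths keep a truncated or inconsistent response from adding an unintended range.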