
Why don't you block the entire country of China from connection


Thread replies: 79
Thread images: 4

File: china.jpg (79KB, 665x413px)
Why don't you block the entire country of China from connecting to your computer?

Seems like a generally good security measure.

Any reason why I shouldn't block an entire country's IP address ranges?
>>
because proxies exist
>>
>>57241821
post the script, pls

I ain't typing that shit
>>
>>57241852
#!/bin/bash
# Abort on the first failing command, unset variable or failed pipeline
set -euo pipefail

# Get the latest Chinese IP address ranges
echo "Fetching Chinese IP address ranges..."
# -f: treat an HTTP error page as a failure instead of feeding it to ipset
curl -fsSL -o /tmp/cn.zone http://www.ipdeny.com/ipblocks/data/countries/cn.zone

# Create the set (-exist: do not fail if it is left over from an earlier run)
echo "Generating the blocking set..."
ipset create -exist china hash:net

while read -r net; do
ipset add -exist china "$net"
done < /tmp/cn.zone

# Insert the DROP rule only if it is not already present (-C checks for it)
iptables -C INPUT -m set --match-set china src -j DROP 2>/dev/null ||
iptables -I INPUT -m set --match-set china src -j DROP

echo "China is blocked!"
rm /tmp/cn.zone
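An added example, not code from the thread: the same block in a form that validates the downloaded list before loading it (the zone file comes over plain HTTP), loads it in one `ipset restore` batch instead of one `ipset add` per line, and can be reverted cleanly, which is the complaint raised later in the thread. Assumes ipset and iptables are installed; `block_set`/`unblock_set` need root, the validation functions do not, and the set name "china" follows the post above.

```shell
# Added example (not from the thread): validate a downloaded zone file before it
# goes anywhere near the kernel, load it in one batch with `ipset restore`, and
# provide a matching revert. Assumes ipset/iptables; block/unblock need root.
set -eu
SET_NAME=china

# True only for a well-formed IPv4 CIDR: four octets 0-255 and a prefix 0-32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -f; set -- $ip; set +f; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print an `ipset restore` batch for zone file $1. Blank lines, comments and
# trailing CRs are tolerated; anything that is not a CIDR is reported and skipped.
zone_to_restore() {
    cr=$(printf '\r'); line=
    echo "create $SET_NAME hash:net family inet"
    while read -r line _ || [ -n "$line" ]; do
        line=${line%"$cr"}
        case $line in ''|'#'*) continue ;; esac
        if valid_cidr "$line"; then
            echo "add $SET_NAME $line"
        else
            echo "skipping malformed entry: $line" >&2
        fi
    done < "$1"
}

block_set() {   # root: load/refresh the set, add the DROP rule only if absent
    zone_to_restore "$1" | ipset restore -exist
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

unblock_set() { # root: remove every copy of the rule, then the set itself
    while iptables -D INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null; do :; done
    ipset destroy "$SET_NAME"
}

case ${1:-} in
    block)   block_set "${2:?usage: $0 block cn.zone}" ;;
    unblock) unblock_set ;;
esac
```

Run it as `sh script.sh block /tmp/cn.zone` after fetching the list, and `sh script.sh unblock` to undo exactly what it did.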
>>
>>57241863
thx, love
>>
>>57241838
but the question is: do the basic bitch script kiddies over in china use them?
>>
I just use fail2ban to ban anyone with 6 ssh authentication failures for 1 week.
A lot of times, they get re-banned mere seconds after being unbanned.

Do they seriously keep it up forever?
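What a fail2ban-style ban actually keys on, as an added example that is not part of the thread: count sshd failures per source address over some constructed auth.log lines and list the sources that reach the six-failure threshold from the post above. Assumes sshd's usual "Failed password/publickey for ... from IP" log format; the sample traffic and IPs are made up (documentation ranges).

```shell
# Added example (not from the thread): the counting behind a fail2ban-style
# ban, run over constructed auth.log lines so the six-failure threshold from
# the post above can be tried without a live box. Assumes sshd's usual
# "Failed password/publickey for ... from IP" log format; no other tooling.
set -eu

# Constructed sample traffic (documentation-range IPs, not real attackers):
# $2 failed logins from $1, cycling usernames the way a credential-stuffing bot does.
fake_failures() {
    i=0
    while [ "$i" -lt "$2" ]; do
        i=$((i + 1))
        echo "Oct 26 12:00:00 host sshd[$((1000 + i))]: Failed password for invalid user test$i from $1 port $((40000 + i)) ssh2"
    done
}

sample_log() {
    fake_failures 203.0.113.7 7      # clearly over the threshold
    fake_failures 192.0.2.9 2        # a few typos from a legitimate user
    fake_failures 198.51.100.23 6    # exactly at the threshold
    echo "Oct 26 12:01:00 host sshd[2000]: Accepted publickey for alice from 192.0.2.9 port 41000 ssh2: ED25519 SHA256:EXAMPLE"
    echo "Oct 26 12:01:01 host sshd[2001]: Failed publickey for root from 192.0.2.9 port 41001 ssh2: RSA SHA256:EXAMPLE"
    echo "Oct 26 12:01:02 host CRON[2002]: (root) CMD (run-parts /etc/cron.hourly)"
}

# Read sshd log lines on stdin and print "count ip" for every source with at
# least $1 failures, worst first. Only "Failed ... for" lines are counted so a
# single attempt that also logs "Invalid user" is not counted twice.
ssh_offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed (password|publickey|none) for / {
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "from") { hits[f[i + 1]]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= min) printf "%d %s\n", hits[ip], ip }
    ' | sort -rn
}

# Stand-alone run: analyse the sample (or a real log given as $1) at threshold $2.
if [ $# -ge 1 ]; then ssh_offenders "${2:-6}" < "$1"; else sample_log | ssh_offenders 6; fi
```

On a real box, `sh script.sh /var/log/auth.log 6` gives the same list fail2ban would be acting on; the one-off typos from 192.0.2.9 only show up if the threshold is lowered to 3.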
>>
>>57241821
The first thing I do when I see anything, ANYTHING, fishy in the logs is I block Russia and I block China.
>>
>>57241903
>they
Most of the connections you get are from botnets.
>>
>>57241821
Are we talking about incoming or outgoing connections?
>>
>>57242002
Incoming, for sure.
Outgoing, I think my iptables lets established or responding TCP connections still get through...

even if outgoing was blocked would anybody care? what is in china anyway?
>>
Used to work for a webhosting company, one of the biggest in the UK. We would actually block all of china on the reg if we just experienced/were anticipating an attack. Nothing wrong with it.
>>
Does regular Joe Blow need to do this with his PC? What if I have my internet firewall on Windows set to public connection?
>>
How to block from Windows
>>
>>57241821
Or you can buy a mac.
>>
dd-wrt with optware used to have asiablock as a default rip :,(
>>
>>57242032
>incoming for sure
Why would you even allow any incoming connections at all? I have my firewall drop all incoming connection attempts silently. It's as if my IP didn't exist
>>
>>57242075
no

This is for a computer that has open public-facing ports with services which inevitably get connection attempts from China, like every few minutes.
>>
>>57242096
How to stop Chinese hackers from connecting to my cable box? My IP is 10.0.0.1
>>
>>57242075
>>57242096

You'll need some kind of software firewall rules that block entire IP ranges. The default Windows firewall can do this and all you need to know are the IP ranges to block.

http://www.ghacks.net/2014/02/17/block-ip-ranges-windows-firewall/

This has the ranges to block.

http://ipdeny.com/ipblocks/data/countries/
>>
>>57242148

https://cyber-defense.sans.org/blog/2011/10/25/windows-firewall-script-block-addresses-network-ranges

This has a PowerShell script that should work.
>>
File: terry.png (4MB, 1700x1700px)
I block ALL the CIA niggers.
>>
>>57241882
Yes, everyone uses them to get around their guberments firewall
>>
no, I'm a true freedumb, so I just make smoke signals and a friend from the next town over translates them and shitposts on various sites on my behalf

having a connection yourself is retarded; it's like you want to have Big Brother all in your space
>>
>>57241821
I've blocked .ru and .cn for the last decade.
>>
File: 1466509566475.jpg (57KB, 480x451px)
>>57243807
>only blocking the TLDs
>not the IP ranges
>>
>not just blocking entire internet
It's like you're willing to be a part of the botnet
>>
>>57242126
yeah but then...

> you buy an IP-cam
> it opens a uPnP hole in your router
> someone using that shodan thing finds it
> connects to your IP-cam
> hacks it
> suddenly inside your router and on your LAN attacking your other devices
>>
>>57244450
>it opens a uPnP hole in your router
Your argument is as easy to defeat as your premise: maybe stop turning on uPnP?

Also, that contradicts my premise as well. I said my firewall drops all incoming connection attempts. Your assumption of an IP-cam having an open port directly contradicts that
>>
>>57244480
I meant it more as a statement on what happens to the average router owner who thinks they're safe because routers generally ship blocking incoming connections, if only by virtue of using NAT

I get the feeling IPv6 is going to be a shit-storm in this regard
>>
>416 bans from 116.31.116.28
Thank god I have a good firewall.
>>
>>57241821
Because I do business with people in China often, and that might cause some problems
>>
>>57241821
Can I ban China, Russia and the USA and still be able to use the web normally, or do the websites need to be unbanned for me to use them?
>>
>2016
>still using the internet
I shiggy jar jar do
>>
because chinks already hacked your routers
>>
>>57244520
>I meant it more as a statement on what happens to the average router owner who thinks they're safe because routers generally ship blocking incoming connections, if only by virtue of using NAT
The average user who feels comfort in their ignorance has a lot more things to be worrying about.

We were discussing iptables rules on a forum for technology enthusiasts. I fail to see how the average joe factors into the picture at all.
>>
>>57242127
Retard here, which computer would have this except for servers?
>>
>>57244875
>We were discussing iptables rules on a forum for technology enthusiasts. I fail to see how the average joe factors into the picture at all.
Actually, I retract my statement. >>57244885 >>57242075
>>
>>57242148
Is there a way to easily blacklist every single IP and then manually whitelist them? Would this be a good way of removing any residual telemetry from Microsoft? I assume their firewall is programmed to ignore their servers; what would be a good alternative? I liked Comodo firewall but it feels bloated and doesn't warn about system-made connections at all.
>>
>>57245036
>spending time to whitelist every site he visits in his firewall
>just /g/ things.gif
>>
>>57241903

Machines running scripts, anon. It costs them nothing because it's probably a compromised machine anyway.

It's like spam: it's so cheap for them there is no point in stopping.
>>
>>57245182
>spending less than 5 minutes to whitelist the 100-200 sites you visit is too much time wasted
>>
>>57245633
>100-200 sites
wew lad
>>
>>57244450
That's why you put them in the DMZ with strict local access only, so inbound + outbound drop and only allow local IP or MAC to connect to the web GUI of the thing
>>
>>57241863
That's real smart, just apply a giant list of random Chinese IPs to iptables. That surely won't break anything. But it's okay, you can just easily revert your changes, right? Oh wait
>>
>>57241838
If Chinese want to be labeled terrorists, then they will have to do with proxies/vpn.

VPN/proxies/circumvention tools are classified as terrorist activities.
>>
I have all non-US IP ranges banned from accessing my web server. Obviously a cracker could use a VPN or proxy, but it stops a shitload of login attempts from Chinese machines.
>>
>>57241903

>not using sha keys

they are literally uncrackable man like real fucking serious security dude
>>
>>57241821
They will retaliate.
>>
>>57241903
Move off port 22 and they will virtually stop
>>
>>57246274
Security through obscurity my friend.
The only solution is to use key only authentication with a password.
>>
>>57247091
>Security through obscurity my friend.
Which totally works.
>>
>>57243660
he is the man
>>
>>57245036
What is Tiny Wall?
>>
>>57247091
based retardbro parroting inane garbage
>>
>>57245888
>VPN/proxies/circumvention tools are classified as terrorist activities.
According to who, you enormous faggot?
>>
>>57245036
If you're using firehol/iptables
policy reject
(which is the default anyway)
>>
>>57241821
No, because it is useless placebo shit.
Instead of doing so I keep my shit up to date and well configured.
>>
>>57241821
Why are you blocking the IPs on your NAS?
>>
>>57247091
You're fucking stupid.
Those are botnets scanning well-known ports and they don't even try other ports.
If you move ssh to e.g. 50022, the attempts instantly stop.
It doesn't stop a dedicated attacker out for specifically your box, but that's not what you want to achieve anyways
>>
>>57248657
No, you disable fucking password authentication and use standard ports you fucking faggot.
>>
>>57248629
this. you should have a hardware firewall or at least a firewall/ACL on your router
>>
File: .jpg (65KB, 620x347px)
>>57241852
Just block everything.

Also, if I've got hackers on my machine, how can I check that?
>>
>>57248744
Have fun being vulnerable to every 0day
Have fun being vulnerable to every private exploit
Have fun getting your logs spammed with connection attempts
>>
>>57248503
Your mom.
>>
>>57241821
because I download videogames from pan.baidu
>>
>>57248744
Leaving ssh on the standard port will only put you at unnecessary risk.
If a day0 exploit is found you're fucked.
>>
>>57248434
What the fuck is inane about that?
>what is NMAP/port scanning?
Anyone can find out what services you have running whether on a standard port or not
>>
>>57249552
>Anyone can find out what services you have running whether on a standard port or not
99% of the attacks you're going to be subjected to are broad, mass scans of the internet. They go wide, not deep

it would be trivial to find your ssh daemon if it was on port 23 instead of 22 for sure, but that's not how botnets operate

Move it to a high port and the only way somebody's gonna find it is if they're specifically trying to single out your machine. As such, you've just reduced your attack surface to 1%
>>
>>57248657
Anything above 1024 is a bad idea. These are privileged ports meaning that when you ssh in over port 22, it runs as root process and then falls back to the non-privileged user account.

Running ssh on port 50022 means that an unprivileged account opens the service, so anyone can listen on the port and mimic ssh and capture credentials.
>>
>>57249677
privileged ports are BELOW 1024
>>
>>57249624
Or just don't set dumb standard passwords or even disable password based logins.

'cause that will also stop the usual botnets trying to "attack" SSH.
>>
>>57249677
>so anyone can listen on the port and mimic ssh and capture credentials
Anyone with an account / program running on your machine could theoretically somehow do that, sure.

But with typical single human user machines that usually means your security is basically already fully compromised if someone got in that far (or if your package maintainers that you trust passed a botnet software comprehensive enough to check and do even THAT attack on SSH and you installed it to the system).

YMMV if you're running a shared server for other people of course.
>>
>>57250114
>Or just don't set dumb standard passwords or even disable password based logins.
Dude, you are strawmanning so fucking hard. Nobody here has password login enabled. Just stop mentioning it.
>>
>>57249677
>>>
>Anonymous 10/26/16(Wed)12:19:27 No.57249005
Are you autistic anon?
>>
There is such a thing as proxies and VPNs
They just can work around your firewall
Aaand.... oh yeah, block the Russians and Iranians while you're at that
>>
>>57242148
Shit thanks. I'll finally be able to block USA and chinks.
>>
>>57250596
I do. Good luck brute forcing 128 bits of entropy on a non standard port with fail2ban faget
>>
>>57241821
I hope you don't do this on machines with public websites or other services.
I get really fuckin triggered when I see an error that says I can't browse the page because my IP is banned.