Prev: Geting TOS from Received IP Packet
Next: simple usage of windows TAP-Win32 driver
From: H.K. Kingston-Smith on 14 Apr 2008 18:21
I am getting a few attempts from the hinet.net domain to have
email relayed through my email server. Since my email server requires
authentication, such attempts never get anywhere. However, they do
clutter my logs.

Would it be possible to have an IP tables rule such that any
packets from this domain, addressed to a given port, are rejected without
further ado?

From: Chris Davies on 14 Apr 2008 19:22
H.K. Kingston-Smith <HKK-S(a)yahoo.com> wrote:
> Would it be possible to have an IP tables rule such that any packets
> from this domain [hinet.net], addressed to a given port, are rejected
> without further ado?

Not by (domain) name, no. But if you can determine the set of IP address
ranges that hinet.net uses you can drop those quietly on the floor
with iptables.

[Quick check with whois...]

inetnum: 168.95.0.0 - 168.95.255.255
netname: Hinet
descr: CHTD, Chunghwa Telecom Co., Ltd.
country: TW
...

So, provided that this is the only netblock allocated to hinet, something
like this should do the trick:

iptables -I INPUT --source 168.95.0.0/16 --dport 25 -j REJECT

Chris
From: H.K. Kingston-Smith on 14 Apr 2008 20:22
On Tue, 15 Apr 2008 00:22:31 +0100, Chris Davies wrote:

> H.K. Kingston-Smith <HKK-S(a)yahoo.com> wrote:
>> Would it be possible to have an IP tables rule such that any packets
>> from this domain [hinet.net], addressed to a given port, are rejected
>> without further ado?
>
> Not by (domain) name, no. But if you can determine the set of IP address
> ranges that hinet.net uses you can drop those quietly on the floor with
> iptables.
>
> [Quick check with whois...]
>
> inetnum: 168.95.0.0 - 168.95.255.255 netname: Hinet
> descr: CHTD, Chunghwa Telecom Co., Ltd. country: TW
> ...
>
> So, provided that this is the only netblock allocated to hinet,
> something like this should do the trick:
>
> iptables -I INPUT --source 168.95.0.0/16 --dport 25 -j REJECT

The IP addresses in my logs seem to have been dynamically
allocated, and they always start with either 122.116 or 118.169 - never
168.95. Is there a way to find out what IP blocks have been set aside for
hinet.net?


From: Allen Kistler on 14 Apr 2008 22:09
H.K. Kingston-Smith wrote:
> On Tue, 15 Apr 2008 00:22:31 +0100, Chris Davies wrote:
>
>> H.K. Kingston-Smith <HKK-S(a)yahoo.com> wrote:
>>> Would it be possible to have an IP tables rule such that any packets
>>> from this domain [hinet.net], addressed to a given port, are rejected
>>> without further ado?
>> Not by (domain) name, no. But if you can determine the set of IP address
>> ranges that hinet.net uses you can drop those quietly on the floor with
>> iptables.
>>
>> [Quick check with whois...]
>>
>> inetnum: 168.95.0.0 - 168.95.255.255 netname: Hinet
>> descr: CHTD, Chunghwa Telecom Co., Ltd. country: TW
>> ...
>>
>> So, provided that this is the only netblock allocated to hinet,
>> something like this should do the trick:
>>
>> iptables -I INPUT --source 168.95.0.0/16 --dport 25 -j REJECT
>
> The IP addresses in my logs seem to have been dynamically
> allocated, and they always start with either 122.116 or 118.169 - never
> 168.95. Is there a way to find out what IP blocks have been set aside for
> hinet.net?
>
>

host -a hinet.net

> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51294
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;hinet.net. IN ANY
>
> ;; ANSWER SECTION:
> hinet.net. 13511 IN NS hntp1.hinet.net.
> hinet.net. 13511 IN NS hntp3.hinet.net.
> hinet.net. 13511 IN NS dns.hinet.net.
> hinet.net. 13558 IN MX 10 netnews.hinet.net.
>
> ;; AUTHORITY SECTION:
> hinet.net. 13511 IN NS hntp1.hinet.net.
> hinet.net. 13511 IN NS dns.hinet.net.
> hinet.net. 13511 IN NS hntp3.hinet.net.
>
> ;; ADDITIONAL SECTION:
> hntp1.hinet.net. 15718 IN A 168.95.192.1
> hntp3.hinet.net. 22467 IN A 168.95.192.2
> dns.hinet.net. 15718 IN A 168.95.1.1
> netnews.hinet.net. 13558 IN A 168.95.195.16

Looks like 168.95.something to me. The IP addresses you list belong to
apnic.net. Look up specific ones at

http://wq.apnic.net/apnic-bin/whois.pl
From: Chris Davies on 15 Apr 2008 04:13
H.K. Kingston-Smith <HKK-S(a)yahoo.com> wrote:
> Is there a way to find out what IP blocks have been set aside for
> hinet.net?

This works for me:

whois -h whois.apnic.net hinet

Just be aware that entries for HINET may refer to (at least) two
independent entities. Your one is based in Taiwan; the other looks like
it's based in Japan.

Chris
 |  Next  |  Last
Pages: 1 2
Prev: Geting TOS from Received IP Packet
Next: simple usage of windows TAP-Win32 driver