lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <A876923A2C9CD44BA76505F58ECF089D0664D8@gandalf.optimum.bm>
Date: Wed, 20 Jan 2010 16:44:40 +0000
From: Tim Mullen <Thor@...merofgod.com>
To: Lawrence Pingree <ntpeck@...oo.com>
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: RE: All China, All The Time

If you can parse out XML, I'm sure you can script up something to "build" sets for IPTables.  However, I don't know that IPTables has the ability to "group" the individual IP ranges into "sets" as opposed to simply putting them in as line-by-line rules.

That's the beauty of ISA/TMG/UAG - the xml files build individual sets comprised of IP ranges which you can apply by themselves to whatever protocols you wants to/from whatever network sources you want.  But, regardless of the chosen platform, at least you can parse out the XML to get what you want.
The important fields are:
  <fpc4:IPFrom dt:dt="string">66.227.2.137</fpc4:IPFrom> 
  <fpc4:IPTo dt:dt="string">66.227.2.144</fpc4:IPTo> 
  <fpc4:Name dt:dt="string">AL1122173577-1122173584</fpc4:Name>

Where IPFrom is the beginning IP of the range, IPTo is the ending IP of the range, and "Name" is a unique name for the range itself.  I chose to have the same simply be the country code followed by the range so it could be immediately identified even if used outside of a set.

Hope that has some use for you.

t

-----Original Message-----
From: Lawrence Pingree [mailto:ntpeck@...oo.com] 
Sent: Wednesday, January 20, 2010 8:29 AM
To: Tim Mullen
Cc: bugtraq@...urityfocus.com
Subject: Re: All China, All The Time

Hey thor,
I would love if you had something for IPtables to do this.

Best Regards,

Lawrence Pingree

On Jan 13, 2010, at 12:28 PM, "Thor (Hammer of God)" <thor@...merofgod.com> wrote:

With all the hubbub around China yet again, I would like to remind you of the utilities available at Hammer of God that allow one to completely block any or all traffic to or from China or any other country in the world via ISA/TMG.  

As many of you know, I’ve been totally blocking China for years, mostly because I’m a Porcelain kind of guy.  Oh, and the fact that the entire country’s network is a festering cesspool of scum and villainy. 

Here’s an article I wrote about a 1.5 years ago on the subject if it has any relevance to you.

http://www.securityfocus.com/infocus/1900/1

如果您可以看到这一点,不回答 - 我不会得到它。

t

____________________
Timothy (Thor) Mullen
thor@...merofgod.com
www.hammerofgod.com






      

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ