Let's say I've received unwelcome visits from the ip address 210.52.108.210. I can easily blackhole this ip address by right clicking the entry to include it in the ENS blackhole list. But let's say I'd like to blackhole an ip address range, e.g., 210.52.0.0 - 210.52.127.255. Simply changing the subnet mask for 210.52.108.210 from 255.255.255.0 to say 255.255.0.0 or even 255.0.0.0 does not seem to blackhole the entire range; intrusions from a different ip address on the subnet still get in.
So what is the formula to blackhole the entire ip address range?
Thanks, as always,
James
Blackhole an ip adress range
Moderator: Qbik Staff
5 posts
• Page 1 of 1
Re: Blackhole an ip adress range
by adrien » Jun 18 09 12:55 am
Hi
should just be the mask approach as you tried. We'll have to check if there is a bug there.
Try changing to 210.52.108.0 mask 255.255.255.0
Adrien
should just be the mask approach as you tried. We'll have to check if there is a bug there.
Try changing to 210.52.108.0 mask 255.255.255.0
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Blackhole an ip adress range
by DrWho » Jun 18 09 6:54 am
Hi Adrien,
Just went back and read the help for ENS. The only difference suggested in the example versus what I described is that the ip address itself has a 0 at the position of the 0 in the subnet mask, consistent with what you just suggested. This may be significant.
I modified several strings of ip addresses in my blackhole list - now I just have to wait for an incoming challenge to see if the change was successful.
James
Just went back and read the help for ENS. The only difference suggested in the example versus what I described is that the ip address itself has a 0 at the position of the 0 in the subnet mask, consistent with what you just suggested. This may be significant.
I modified several strings of ip addresses in my blackhole list - now I just have to wait for an incoming challenge to see if the change was successful.
James
- DrWho
- Posts: 20
- Joined: Jul 04 08 6:16 am
Re: Blackhole an ip adress range
by adrien » Jun 19 09 1:38 am
Hi
I checked the code.
Looks like it doesn't apply the mask to the specified address (only the test address - the address sending the packet), so you need to specify a network address in the block settings rather than a host address. E.g. 210.52.108.0 rather than 210.52.108.210 if the mask is 255.255.255.0
I think I'll change it to mask also the address you enter... actually I thought it did that in the UI?
Regards
Adrien
I checked the code.
Looks like it doesn't apply the mask to the specified address (only the test address - the address sending the packet), so you need to specify a network address in the block settings rather than a host address. E.g. 210.52.108.0 rather than 210.52.108.210 if the mask is 255.255.255.0
I think I'll change it to mask also the address you enter... actually I thought it did that in the UI?
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Blackhole an ip adress range
by DrWho » Jun 19 09 2:16 am
Hi Adrien,
I can confirm that it does work with the ip address set to the block address (e.g., 210.52.108.0 rather than 210.52.108.210) as you said. Thanks for the help.
Jim
I can confirm that it does work with the ip address set to the block address (e.g., 210.52.108.0 rather than 210.52.108.210) as you said. Thanks for the help.
Jim
- DrWho
- Posts: 20
- Joined: Jul 04 08 6:16 am
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 3 guests