help-bash

Re: Internet diagnosing


From: Jeffrey Walton
Subject: Re: Internet diagnosing
Date: Sun, 5 Sep 2021 17:36:50 -0400

On Sun, Sep 5, 2021 at 5:02 PM Julius Hamilton
<juliushamilton100@gmail.com> wrote:
> ...
> My question is about there being some relationship between certain WiFi
> networks I use and my machine's inability to access the internet in some
> ways. For example, on one WiFi network, Google works fine in a browser, but
> Stack Overflow returns "This site can’t be reached; https://superuser.com/
> is unreachable.
> ERR_ADDRESS_UNREACHABLE". On another, I can use my Android browser
> normally, but nothing through Andronix (Android Linux).
>
> So I am curious where in the process the issue is, probably the WiFi
> network's settings? But, what kinds of settings are there? What would it be
> checking for to block Andronix, for example, or Stack Overflow?
>
> These are private networks so no one is blocking specific categories of
> sites, for example. The reason seems to be something more technical and
> accidental.

In case it helps... I regularly block netblocks if I find hosts in the
block trying to break into my servers. I contact the technical contact
from the WHOIS database, and if there is no response then I blackhole
the netblock.

Right now I think I have most of China and Digital Ocean blocked.
Below is a partial list of iptables rules. Since the ban is not complete,
Chinese users may experience intermittent problems like you are
describing. The problems for the user come and go as the user switches
service providers/networks.

# China Mobile permanent ban. Constant
# problems. Emails to abuse@ bounce.
# This appears to be the Chinese military.
# Each time we banned a host another
# drone showed up, but using a longer time
# interval between attacks. Attacks
# started at 1s apart, then 5s, 30s, 1min, 5min,
# 10min and 30min.
-A INPUT -p all -s 111.0.0.0/10 -j DROP
-A INPUT -p all -s 183.192.0.0/10 -j DROP
-A INPUT -p all -s 183.197.0.0/17 -j DROP
-A INPUT -p all -s 221.130.0.0/15 -j DROP
-A INPUT -p all -s 221.176.0.0/13 -j DROP
-A INPUT -p all -s 223.119.255.0/24 -j DROP

# Chinanet permanent ban. Once we banned
# China Mobile, the same probes and
# attacks started from Chinanet.
-A INPUT -p all -s 49.64.0.0/11 -j DROP
-A INPUT -p all -s 106.119.0.0/16 -j DROP
-A INPUT -p all -s 117.41.48.0/20 -j DROP
-A INPUT -p all -s 118.112.0.0/13 -j DROP
-A INPUT -p all -s 124.236.0.0/14 -j DROP
-A INPUT -p all -s 222.184.0.0/13 -j DROP
-A INPUT -p all -s 218.92.0.0/16 -j DROP

# And then from China Internet Network
# Information Center (CNNIC).
-A INPUT -p all -s 121.4.0.0/15 -j DROP

# And from China Unicom. They are Wiki spammers.
-A INPUT -p all -s 115.48.0.0/12 -j DROP
-A INPUT -p all -s 123.8.0.0/13 -j DROP

# And more Chinese attacks
-A INPUT -p all -s 129.211.160.0/20 -j DROP
-A INPUT -p all -s 192.144.192.0/18 -j DROP

# Digital Ocean. Constant problems. They are as bad as
# the Chinese Military. It looks like they are working together.
-A INPUT -p all -s 68.183.0.0/16 -j DROP
-A INPUT -p all -s 104.131.0.0/16 -j DROP
-A INPUT -p all -s 128.199.0.0/16 -j DROP
-A INPUT -p all -s 142.93.0.0/16 -j DROP
-A INPUT -p all -s 157.230.128.0/20 -j DROP
-A INPUT -p all -s 192.241.128.0/17 -j DROP

Jeff
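
The effect described in the message above, as an added example that is not part of the original post: a small audit script that reports which DROP rule (if any) a given source address hits, and which rules are already covered by an earlier, wider netblock. The function names, the test addresses and the four-rule sample are constructed for illustration, and the script assumes every rule uses `-p all` as in the list above.

```python
import ipaddress

# Constructed sample: four of the DROP rules quoted in the message above.
RULES = """\
-A INPUT -p all -s 111.0.0.0/10 -j DROP
-A INPUT -p all -s 183.192.0.0/10 -j DROP
-A INPUT -p all -s 183.197.0.0/17 -j DROP
-A INPUT -p all -s 68.183.0.0/16 -j DROP
"""

def _arg(tok, flag):
    """Value following flag in a tokenised rule, or None if absent."""
    i = tok.index(flag) if flag in tok else -1
    return tok[i + 1] if 0 <= i < len(tok) - 1 else None

def parse_drop_sources(text):
    """Return [(line_no, network)] for each '-A INPUT ... -s CIDR -j DROP' rule."""
    nets = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split("#", 1)[0].split()   # ignore comments and blank lines
        src = _arg(tok, "-s")
        if tok[:2] != ["-A", "INPUT"] or src is None or _arg(tok, "-j") != "DROP":
            continue
        # strict=True raises ValueError on a CIDR with host bits set (likely a typo).
        nets.append((n, ipaddress.ip_network(src, strict=True)))
    return nets

def first_match(nets, addr):
    """Line number of the first rule that drops addr, or None if it passes."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in nets if ip in net), None)

def shadowed(nets):
    """(rule_line, covering_line) pairs where an earlier rule already covers the rule."""
    return [(n, m) for i, (n, net) in enumerate(nets)
            for m, prev in nets[:i] if net.subnet_of(prev)]

if __name__ == "__main__":
    nets = parse_drop_sources(RULES)
    # Constructed client addresses: the same user arriving from three networks.
    for addr in ("183.197.10.5", "68.183.1.1", "203.0.113.7"):
        hit = first_match(nets, addr)
        print(addr, "dropped by rule on line %d" % hit if hit else "accepted")
    for n, m in shadowed(nets):
        print("line %d is already covered by line %d" % (n, m))
```

From the client's side a dropped source address shows up as a timeout or an unreachable error, while the same site loads normally once the client moves to a network outside the listed blocks.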


