To boldly spot new shodan.io addresses with the help of Picard

My dislike of shodan.io (my blog) is well documented

goldfish.census.shodan.io
does not resolve to address 185.163.109.66

So here is another to crimson firewall and forget

That address comes from Romania; if you're feeling in the mood, email it to the ISP at abuse@m247.ro, because I would not want to host anything on that address.

I seem to be having a multiple st:tng episode day today.

 

Another shodan.io find once again co hosted with David Attenborough

The delights of being a shodan.io spotter (my blog) never disappoint.  Beats birdwatching

Come and meet

pirate.census.shodan.io
does not resolve to address 71.6.146.185

Of whom that isp is remembered

But is actually

;; ANSWER SECTION:
pirate.census.shodan.io. 300    IN      A       216.117.2.180

Which may also be called burger (my blog). I make no comment about them as I know them already, other than hi once more shall suffice.

What was up with burger ?

Anyhow, something well worth crimson firewalling. You should by now all know my views on the scum at shodan.io.

Enjoy your day

 

The adblocker

Advertising can be rogue on the internet, serving malware and viruses and killing your internet quota (my blog). After I installed this newer blocker I noticed the better statistics, with 10% of requests being blocked; that 10% would have sucked down gigabytes of data and set thousands of cookies.

Oddly, some blockers get more attention than others from sites who will not pay up for malware infections they served up via an incompetent third party. So they know the problem but are unwilling to tackle the issue.

I have a browser without a blocker and that is rarely used, for reasons I am sure you can guess.

upsetting the shodan.io fanboys

Bananas has shodan blocked (my blog); after all, the traffic they send is crap. These fans of shodan (not that kung fu thing) have a weird logic that means that, as well as their port scanning crap, spammers also would be given free range to try and send viruses (my blog) and whatever to systems, because that’s fair and justifies shodan.io as well.

I have a scheduled task that needs no intervention from me, but I notice that shodan's fans got upset when a writer for one of the pointy-hair IT management type magazines also called shodan a waste of space.

I maintain my view that shodan is traffic best not processed with, along with spammers who seem to have access to it.

Email virus scanning needing some help

The zoo’s virus thing [not that Microsoft Windows crap you run] was not working well, or did not have the definitions. We do not get that many, and they get reported and blocked until the next server reboot, whenever that is, so life is limited here for botnet members.

Anyhow, with the rise of attachments that did not originate where they said they did, I decided to go look at improving virus detection rather than doing spf, which some retard at yahoo (my blog) and elsewhere has yet to figure out.

Yes, we have spf, but being correct in inbound spf means a lot of yahoo email won't get through, and you have to tolerate idiots sending email or the zoo staff complains about it.

It's a fact of life that many retards inhabit email servers. An example where I nearly choked on my coffee one morning was on the dmarc email list, when some corporate citizen had yet to even do spf and also wanted dmarc (my blog). I assume that, as it was not a paid service from somebody else, it failed the "I should have done that about ten years ago" motivation.

So I go looking for fresher virus databases and find them. One Saturday I decide to install them; apart from some missing settings on update and ownership of the files I am pretty close, and after installing rsync the Sunday log looks good.

The reason I worked on the Saturday is so I could troubleshoot and be ready for Monday for testing by you special internet users, you know them as well. Monday came round and Vietnam verified it was working.

amavis[x]: (26467-09) Blocked INFECTED (Malware.24819.MacroHeurGen.Hp.UNOFFICIAL) {DiscardedInbound,Quarantined}, [14.170.60.120]:50964 [14.170.60.120] <sales@transglobalexpress.co.uk> -> <info@zoo>, quarantine: O/virus-Oupswa7kUlmo, Queue-ID: ECA6EBD6899, Message-ID: <7D1C0677256B441FAF71558ABA98D26D@409733db1>, mail_id: Oupswa7kUlmo, Hits: -, size: 98052, 328 ms

So I broke out the celebratory bananas; after all that, Monday was declared a success. Retards at yahoo get their mail delivered and I don't have to deal with nasty stuff with the zoo.

I still hate microsoft for designing this crap that even i have to deflect.

Eventually the server, which is not a microsoft product, will delete the virus attachment when set, so it will never be opened by a lifeform. It would be nice to not have a scanner on the server, but it appears that is how things are. However, I do get to call all microsoft employees retards for writing special code (my blog) that makes windows software unusable.

 

blocklist versus prohibit in linux networking

Both do the same sort of thing (my blog) in that they stop bad traffic, except that prohibit tells you why.

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:818717 errors:0 dropped:0 overruns:0 frame:0
          TX packets:818717 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:232611001 (221.8 MiB)  TX bytes:232611001 (221.8 MiB

Mind you

RX bytes:552785153 (527.1 MiB)  TX bytes:552785153 (527.1 MiB)

Is proof there is a lot of traffic not worth responding to

Null routing bh.zain.com (menatelecom)

OK, after null routing a few addresses (my blog) I decided to make a list of CIDRs for bh.zain.com, or Mena telecom. I like blocklisting Bahrain.

So I went to ripe.net and found their ranges by searching for BH-MTC. Regulars who love bacon and blocking retards in Bahrain will know this is a common identifier.

A list will appear

 109.161.192.0-109.161.255.255
 109.161.128.0-109.161.191.255
 94.79.224.0-94.79.255.255
 94.79.192.0-94.79.223.255
 83.136.57.0-83.136.63.255
 62.209.24.0-62.209.31.255
 62.209.16.0-62.209.23.255
 62.209.8.0-62.209.15.255
 62.209.0.0-62.209.7.255
missed these ranges though
 109.63.96.0/19
 109.63.0.0-109.63.31.255

And then I do the CIDRs

109.161.192.0/18
109.161.128.0/18
94.79.224.0/19
94.79.192.0/19
83.136.57.0/24
83.136.58.0/23
83.136.60.0/22
62.209.24.0/21
62.209.16.0/21
62.209.8.0/21
62.209.0.0/21
109.63.96.0/19
109.63.0.0/19 new

Insert these into a file, tell your firewall to ignore them, and bingo, no more retards – of which Alessandro Izzo from Italy also is a grade retard.

Happy blocking !
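
The range-to-CIDR step above, as an added example that is not part of the original post: Python's standard ipaddress module reproduces the hand-made CIDR list from the listed ranges, merges adjacent blocks into fewer entries, and emits iproute2 route lines of the blackhole or prohibit kind discussed in the earlier post. The function names and the `ip route add` output format are assumptions; the post only says to put the list in a file for the firewall.

```python
import ipaddress

# Entries exactly as listed in the post (RIPE search for BH-MTC).
LISTED = """
109.161.192.0-109.161.255.255
109.161.128.0-109.161.191.255
94.79.224.0-94.79.255.255
94.79.192.0-94.79.223.255
83.136.57.0-83.136.63.255
62.209.24.0-62.209.31.255
62.209.16.0-62.209.23.255
62.209.8.0-62.209.15.255
62.209.0.0-62.209.7.255
109.63.96.0/19
109.63.0.0-109.63.31.255
"""

def entry_to_cidrs(entry):
    """'first-last' or 'a.b.c.d/nn' -> list of exact CIDR networks."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        # Raises ValueError if last < first; never covers more than the range.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects a prefix with host bits set (a typo in the list).
    return [ipaddress.ip_network(entry, strict=True)]

def ranges_to_cidrs(text):
    """Expand every non-empty line, keeping the order of the input."""
    return [n for line in text.split("\n") if line.strip()
            for n in entry_to_cidrs(line.strip())]

def collapse(nets):
    """Merge adjacent or overlapping networks into the fewest equivalent CIDRs."""
    return list(ipaddress.collapse_addresses(nets))

def route_commands(nets, kind="blackhole"):
    """iproute2 lines: 'blackhole' drops silently, 'prohibit' answers with ICMP."""
    if kind not in ("blackhole", "prohibit"):
        raise ValueError("kind must be 'blackhole' or 'prohibit'")
    return [f"ip route add {kind} {net}" for net in nets]

if __name__ == "__main__":
    exact = ranges_to_cidrs(LISTED)
    merged = collapse(exact)
    print(f"{len(exact)} exact CIDRs collapse to {len(merged)}")
    print("\n".join(route_commands(merged)))
```

The exact expansion matches the 13 CIDRs written out by hand above; collapsing covers the same addresses with 8 entries, which keeps the routing table or firewall set shorter.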