Subnet block list

H

hemojr

The SANS Institute is suggesting a block list for certain IP address
subnets.
http://isc.sans.org/diary.php?storyid=997

I believe this is in response to the WMF exploit recently uncovered and
not yet
having a satisfactory defense available.

Is there an easy way to block entire IP address ranges or subnets
through either the XP firewall or the "restricted sites" setting in
"Internet Options"?

Other suggestions? Misdirecting DNS perhaps?
 
S

Steve Winograd [MVP]

The SANS Institute is suggesting a block list for certain IP address
subnets.
http://isc.sans.org/diary.php?storyid=997

I believe this is in response to the WMF exploit recently uncovered and
not yet
having a satisfactory defense available.

Is there an easy way to block entire IP address ranges or subnets
through either the XP firewall or the "restricted sites" setting in
"Internet Options"?

Other suggestions? Misdirecting DNS perhaps?
Click to expand...

To block access to an IP address range, create a route to it through a
non-existent gateway.

For example, the SANS article suggests blocking 69.50.160.0/19
(69.50.160.0 - 69.50.191.255). Assume that the default gateway on
your computer is 192.168.0.1, and that there's no computer with
address 192.168.0.200. This statement would block access to that
address range:

route -p add 69.50.160.0 mask 255.255.224.0 192.168.0.200

The value 255.255.224.0 is a /19 subnet mask. The "-p" option makes
the route persistent across reboots.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
H

hemojr

Thanks for the tip.

I can propagate this using DHCP and the 033 option or just configure
the routing tables on the individual subnet default gateways. Might be
best just to do the routers, since that will cover any host that
happens to be statically adressed.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Blocking ranges of IP address 3
Simple network wont work 1
TCP?IP traffic failure? 1
Problem with Windows 98SE computer networking with XP computer 5
command not working to get netsh to block a single IP 0
DDNS not working from other subnet?? 1
Cannot join domain or browse network shares from different subnet 4
Network and Mask to block all IPs on the Internet 3

Top