As a follow-up, 95% of all port-scans and attacks (not counting windoze viri/worms) come from IP's in the APNIC. I've decided to just tarpit them all for everything except http/https. (Who'da thunk, posting to slashdot and I got an intelligent idea!:-)
I went to: http://www.iana.org/assignments/ipv4-address-space and greped it for APNIC. I tarpitted all these address blocks on port 25 so my mail-server never sees them. If we get asian clients some day I guess I'll have to specifically white-list their MX(s).
Relevant portion of the file at iana.org:
058/8 Apr 04 APNIC (whois.apnic.net) 059/8 Apr 04 APNIC (whois.apnic.net) 060/8 Apr 03 APNIC (whois.apnic.net) 061/8 Apr 97 APNIC (whois.apnic.net) 202/8 May 93 APNIC (whois.apnic.net) 203/8 May 93 APNIC (whois.apnic.net) 210/8 Jun 96 APNIC (whois.apnic.net) 211/8 Jun 96 APNIC (whois.apnic.net) 218/8 Dec 00 APNIC (whois.apnic.net) 219/8 Sep 01 APNIC (whois.apnic.net) 220/8 Dec 01 APNIC (whois.apnic.net) 221/8 Jul 02 APNIC (whois.apnic.net) 222/8 Feb 03 APNIC (whois.apnic.net)
Just download the individual patches by number and apply them individually instead of using windowsupdate.
It's only windowsupdate that checks the reg code. (Yes! I do have a legal copy of windows (it came with the laptop I run Linux on) but I'm a geek with too much time on my hands and I had to find a way...
Slashdot Mirror
So use cash! If you don't use a card you don't get tracked! Sheesh! You yougins are stoopid!
As a follow-up, 95% of all port-scans and attacks (not counting windoze viri/worms) come from IP's in the APNIC. I've decided to just tarpit them all for everything except http/https. (Who'da thunk, posting to slashdot and I got an intelligent idea! :-)
Check the rest. You'll probably find they came from .jp, .tw etc...
Relevant portion of the file at iana.org:
Just download the individual patches by number and apply them individually instead of using windowsupdate.
It's only windowsupdate that checks the reg code. (Yes! I do have a legal copy of windows (it came with the laptop I run Linux on) but I'm a geek with too much time on my hands and I had to find a way...
Cheers!