There are some really easy quick wins you can use to stop a lot of unwanted internet traffic from hitting your perimeter. If your perimeter is only accessed by real users, you are probably pretty safe to drop any packets from the sources below.

Tor network exit IPs – Tor is an anonymity network which allows users to hide behind the “exit node” IPs of members of the Tor network. More info on Tor – https://www.torproject.org

To get a list of exit nodes you can use as source IPs to drop, check out this site, which has a downloadable text file that you can then import into a ruleset on your firewall – https://www.dan.me.uk/tornodes

Bogon IPs – No, not a bogan, which is Aussie slang 🙂 A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. More information on these IPs is at http://www.team-cymru.org/Services/Bogons/ which even includes a list you can download.

Possibly Amazon EC2 – The address ranges are readily available on Amazon’s site: https://forums.aws.amazon.com/ann.jspa?annID=1351 I say possibly because some legitimate businesses run all their infrastructure in EC2, so if you are hosting email services you may start blocking legitimate email traffic.
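As an added example (not code from the original post or from any of the sites linked above), here is one way to turn downloaded lists like the three above into firewall sets: parse each text file into network prefixes, skip comments and junk lines, collapse adjacent entries, and render nftables sets plus drop rules. The sample lists are constructed from RFC 5737 documentation and RFC 1918 private ranges and are not the real Tor, bogon or EC2 lists; nftables as the target firewall, the list names and the `skip` parameter (used to leave out the EC2 list on a mail host, as the caveat above suggests) are assumptions of this example.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional

# Constructed sample lists in the shape of the downloadable files
# (one entry per line, "#" comments, blank lines, bare IPs or CIDR prefixes).
# These are documentation/private ranges, NOT the real Tor, bogon or EC2 data.
SAMPLE_LISTS: Dict[str, str] = {
    "tor_exit": """# constructed sample - not real Tor exit nodes
192.0.2.10
192.0.2.11   # adjacent to the line above, collapses to 192.0.2.10/31
198.51.100.7
not-an-ip-at-all
""",
    "bogon": """# constructed sample - private/unroutable prefixes
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
0.0.0.0/8
""",
    "ec2": """# constructed sample - not Amazon's published ranges
203.0.113.0/24
""",
}


def parse_prefix_list(text: str) -> List[ipaddress._BaseNetwork]:
    """Turn a downloaded list into network objects, skipping comments, blanks and junk."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False tolerates host bits set in a prefix (e.g. 10.1.2.3/8)
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            # one bad entry should not break the whole import
            continue
    return nets


def collapse(nets: Iterable[ipaddress._BaseNetwork]) -> List[ipaddress._BaseNetwork]:
    """Merge overlapping/adjacent prefixes; IPv4 and IPv6 are collapsed separately."""
    nets = list(nets)
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def build_drop_sets(lists: Dict[str, str]) -> Dict[str, List[ipaddress._BaseNetwork]]:
    """Parse and collapse every list into a named set of prefixes."""
    return {name: collapse(parse_prefix_list(text)) for name, text in lists.items()}


def classify_source(ip: str, drop_sets: Dict[str, List[ipaddress._BaseNetwork]]) -> Optional[str]:
    """Return the name of the first set containing ip, or None if it is not listed.

    Handy for checking a source address from your logs before rolling the rules out.
    """
    addr = ipaddress.ip_address(ip)
    for name, nets in drop_sets.items():
        if any(addr in net for net in nets):
            return name
    return None


def render_nftables(drop_sets: Dict[str, List[ipaddress._BaseNetwork]], skip: Iterable[str] = ()) -> str:
    """Emit an nftables table with one interval set per list and a drop rule each.

    Lists named in `skip` are left out entirely (e.g. skip={"ec2"} on a mail server).
    """
    skip = set(skip)
    lines = ["table inet edge {"]
    for name, nets in drop_sets.items():
        if name in skip:
            continue
        for version, settype in ((4, "ipv4_addr"), (6, "ipv6_addr")):
            elems = [str(n) for n in nets if n.version == version]
            if elems:
                lines.append(f"  set {name}_v{version} {{ type {settype}; flags interval; "
                             f"elements = {{ {', '.join(elems)} }} }}")
    lines.append("  chain input { type filter hook input priority 0; policy accept;")
    for name, nets in drop_sets.items():
        if name in skip:
            continue
        if any(n.version == 4 for n in nets):
            lines.append(f"    ip saddr @{name}_v4 counter drop")
        if any(n.version == 6 for n in nets):
            lines.append(f"    ip6 saddr @{name}_v6 counter drop")
    lines.append("  }")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    sets = build_drop_sets(SAMPLE_LISTS)
    for src in ("192.0.2.10", "10.1.2.3", "203.0.113.44", "8.8.8.8"):
        print(f"{src:>14} -> {classify_source(src, sets)}")
    print(render_nftables(sets, skip={"ec2"}))
```

In real use, replace the embedded strings with the contents of the downloaded files and load the rendered table with `nft -f`; the `counter` on each drop rule lets you see from `nft list ruleset` how much traffic each list is actually catching before you decide whether the EC2 list is worth keeping.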

Shout out to the guys at @asteriskinfosec

Happy blocking!
