Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

blockling all traffic from all netblock recyber.net

WolfgangS

does anyone have all netblocks from recyber.net ?

because if u block the whois recyber.net network 89.248.165.0/24 , nothing happens.

so i guess they use fake ip's and have more networks in use.

i like to block them because i also dont like the massive port scans and malware from thier networks.



This thread was automatically locked due to age.
  • 0

    Hallo Wolfgang,

    You can opt out of their scans on their website.   Malware?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
      • 0 in reply to WolfgangS

        Thanks for that link, Wolfgang!

        I don't think they're a malicious port scanner.  If I did, I would add 89.248.165.0/24 to my "All Portscanners" Network Group.  I have an Intrusion Prevention Exception that skips Anti-Portscan for that group.  I also have a firewall rule that Rejects all traffic from that Network Group.  Virtually all of the malicious port scans come from Russia and China.

        Cheers - Bob

         
        Sophos UTM Community Moderator
        Sophos Certified Architect - UTM
        Sophos Certified Engineer - XG
        Gold Solution Partner since 2005
        MediaSoft, Inc. USA
    • 0

      I've tried contacting them directly, and it's been completely ignored. True they aren't malicious, but they are very annoying.

      OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
      16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
      (Former Sophos UTM Veteran, Former XG Rookie)

      • 0 in reply to Amodin

        Yes very annoying. i can access my ISP Cisco and Block traffic before it reaches the firewall. but i still get port scanns from that net block.

        so i guess they fake IP adresses. if the net block would like the one in the whois, it would be impossible to get thru the cisco deny list.

        so yeah, time to block them.

        • 0 in reply to WolfgangS

          Wie gesagt:

          Cheers - Bob

           
          Sophos UTM Community Moderator
          Sophos Certified Architect - UTM
          Sophos Certified Engineer - XG
          Gold Solution Partner since 2005
          MediaSoft, Inc. USA