Date: Sat, 29 Mar 2003 12:48:11 -0600 From: "Jack L. Stone" <jackstone@sage-one.net> To: freebsd-questions@freebsd.org Subject: Re: Annoying RedAlert.com activity Message-ID: <3.0.5.32.20030329124811.013da078@sage-one.net> In-Reply-To: <20030329170746.GA76439@keyslapper.org> References: <3.0.5.32.20030329082518.0142ed68@sage-one.net> <3.0.5.32.20030329082518.0142ed68@sage-one.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:07 PM 3.29.2003 -0500, you wrote: >On 03/29/03 08:25 AM, Jack L. Stone sat at the `puter and typed: >> This is semi-OT, but is a FBSD firewall question. >> >> Every day, I see this in the logs: >> 65.194.51.136 - - [29/Mar/2003:00:26:47 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.133 - - [29/Mar/2003:00:26:47 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.131 - - [29/Mar/2003:00:26:49 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.135 - - [29/Mar/2003:00:26:50 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.132 - - [29/Mar/2003:00:26:52 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.134 - - [29/Mar/2003:00:26:55 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.155 - - [29/Mar/2003:00:28:24 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.156 - - [29/Mar/2003:00:29:14 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.137 - - [29/Mar/2003:00:30:45 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.154 - - [29/Mar/2003:00:34:13 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.152 - - [29/Mar/2003:00:34:21 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.151 - - [29/Mar/2003:00:34:50 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> 65.194.51.165 - - [29/Mar/2003:00:34:52 -0600] "HEAD / HTTP/1.0" 200 0 "-" >> "RedAlert.com" >> >> Question: >> At the "redalert.com" web site, they claim to be a server monitoring >> service, but I've never signed up for the service and don't want this daily >> waste of BW that appears on all of my web servers. It is annoying and I >> would like to block their network via the firewall. >> >> Based on the above, what would be the best choice of how to block the network: >> 65.194.51.?/? >> >> Thanks for any suggestions.... > >I'd start with any of the 'contact us' links that are probably all >over their website. You never know, they may have inadvertently >started monitoring your websites, or your upstream provider might have >signed themselves or you up. If it has something to do with your >upstream provider, bring up the added bandwidth issue, and ask how >that affects your monthly bill. I'm sure someone can simply stop >these hits at the source. > >Failing that, look up the IP block and just block that range: >$ whois -h whois.arin.net 65.194.51.165 >UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1) > 65.192.0.0 - 65.223.255.255 >Keynotes systems UU-65-194-51 (NET-65-194-51-0-1) > 65.194.51.0 - 65.194.51.255 > >This is a pretty broad range, so you might want to start with a range >you know redalert uses (.131-.165), then just expand it as you get new >messages. > >HTH >Lou >-- >Louis LeBlanc leblanc@keyslapper.org Lou: Thanks for the reply. When visiting their site, I did make the effort to make contact via the emails. So far their "info" contact (no support) has bounced and no reply from their Texas "sales" email. I'm also in Texas just down the road on the Golf de Mexico.... If it continues, suppose I'll have no choice but to block the network which is an extreme.... Looks like they ought to monitor themselves a little better, wrong website monitored, bad emails and nobody watching the other emails.... Just had to double my bandwidth and suppose seeing any waste now looms large to me... Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net jackstone@sage-one.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.20030329124811.013da078>