Thanks to some good pointers from Vibhor Amrodia here, I was able to rewrite my Linux Netfilter countryblock script to create object-groups for Cisco ASA firewalls which can easily be used in access-lists. This example loads the IP-ranges of China, Korea and Palestine from and creates a config file. This config file can easily be copied from a TFTP server to the running config of the ASA. I chose those 3 countries because the vast majority of probes, scans and SIP fraud attempts on my network come from there.

German IT-news service heise online reports about a dangerous change which comes with the update of Google's Android app store "Play". According to heise, after the update, app permissions will be organized in groups and apps can request new permissions from a permission group for which they already have permission, without additional user approval. Until now, users have to explicitly approve every newly requested permission on update.

In recent times, port probes, spam mail and also SIP attacks / SIP fraud have increased massively and it mostly comes from China, Korea and Palestine. If you run Linux as perimeter firewall, blocking those 3 (and any other you like) is fairly easy. This script downloads the respective network lists from and inserts rules at the start of the INPUT and FORWARD chains, so IPs from any of those networks can neither reach your firewall not any system behind it.

The attempts on my PBX are increasing and increasing and from the mailing lists I get a similar picture. The big issue is that many, if not most, ISPs don't react to complaints. For that reason I will, starting now, publish the top 20 of attacking IPs here on my website, including whois links, so people can see, how big the problem is and what providers do. I'll additionally start compiling a blacklist of the "worst" networks, so admins can put those addresses in their firewall rulesets.

Page 1 of 5