Blocking active GFW probes

According to this blog post, the following IPv4 blocks have been identified as potential sources of GFW active probes. If they are allowed to scan your server for known services, the GFW may end up blocking access to your IP. If that happens, your IP will not be able to access anything behind the GFW, which can be a bummer.

While I am not able to verify the authenticity of this information, a bit of blocking could do little harm (until your users or customers start complaining). I have converted the rules into UFW format for you to plug into your cloud instances – I have also fixed the typo and removed the repeated entries in the original post. There you go:

ufw deny from 58.242.83.0/24
ufw deny from 59.45.175.0/24
ufw deny from 150.255.80.0/24
ufw deny from 60.166.0.0/16
ufw deny from 60.208.0.0/16
ufw deny from 119.4.0.0/16
ufw deny from 125.80.0.0/16
ufw deny from 210.76.222.0/24
ufw deny from 1.50.0.0/16
ufw deny from 150.255.240.0/24
ufw deny from 171.118.211.0/24
ufw deny from 182.110.0.0/16
ufw deny from 218.10.0.0/16
ufw deny from 101.24.217.0/24
ufw deny from 202.108.0.0/16
ufw deny from 208.68.37.0/24
ufw deny from 58.20.98.0/24
ufw deny from 182.242.0.0/16
ufw deny from 60.16.14.0/24
ufw deny from 110.19.146.0/24
ufw deny from 110.19.147.0/24
ufw deny from 82.221.105.0/24
ufw deny from 190.153.0.0/16
ufw deny from 208.68.38.0/24
ufw deny from 114.97.65.0/24
ufw deny from 211.137.176.0/24
ufw deny from 221.229.196.0/24
ufw deny from 140.205.0.0/16
ufw deny from 106.11.224.0/24
ufw deny from 125.84.181.0/24
ufw deny from 182.88.76.0/24
ufw deny from 141.212.0.0/16
ufw deny from 219.147.91.0/24
ufw deny from 36.102.236.0/24
ufw deny from 113.31.102.0/24
ufw deny from 222.186.175.0/24
ufw deny from 106.12.68.0/24
ufw deny from 222.186.42.0/24
ufw deny from 106.12.88.0/24
ufw deny from 87.246.7.0/24
ufw deny from 221.198.83.0/24
ufw deny from 219.143.174.0/24
ufw deny from 223.166.74.0/24
ufw deny from 171.36.133.0/24
ufw deny from 175.42.2.0/24
ufw deny from 59.173.153.0/24
ufw deny from 58.19.92.0/24
ufw deny from 36.32.3.0/24
ufw deny from 220.200.164.0/24
ufw deny from 175.152.109.0/24
ufw deny from 125.84.177.0/24
ufw deny from 124.88.112.0/24
ufw deny from 124.225.43.0/24
ufw deny from 193.201.0.0/16
ufw deny from 37.115.0.0/16
ufw deny from 182.190.0.0/16
ufw deny from 221.210.83.0/24
ufw deny from 119.90.42.0/24
ufw deny from 219.154.0.0/16
ufw deny from 203.125.0.0/16
ufw deny from 220.181.55.0/24
ufw deny from 182.118.3.0/24
ufw deny from 183.136.0.0/16
ufw deny from 101.226.4.0/24
ufw deny from 180.153.235.0/24
ufw deny from 122.143.15.0/24
ufw deny from 27.221.20.0/24
ufw deny from 202.102.85.0/24
ufw deny from 61.160.224.0/24
ufw deny from 120.52.18.0/24
ufw deny from 27.224.137.0/24
ufw deny from 46.38.144.0/24
ufw deny from 210.76.206.0/24
ufw deny from 39.98.124.0/24
ufw deny from 180.101.0.0/16
ufw deny from 120.206.184.0/24
ufw deny from 218.72.49.0/24
ufw deny from 124.95.168.0/24
ufw deny from 112.66.104.0/24
ufw deny from 123.138.72.0/24
ufw deny from 210.72.128.0/24

Be sure to insert these rules before your allow-all rules!
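
The ordering point above, as an added example that is not part of the original post: ufw matches rules first-hit and a plain `ufw deny from` is appended after existing rules, so this sketch validates a CIDR list and emits `ufw insert 1 deny from` commands instead. The function names are assumptions made for the example, and the sample blocks are constructed from RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example: names below are hypothetical, sample input is constructed.

# Return 0 if $1 looks like a.b.c.d/len with octets <= 255 and len <= 32.
valid_ipv4_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;   # two slashes or a stray character
        */*) ;;                         # exactly one slash: keep checking
        *) return 1 ;;                  # no prefix length at all
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Read one CIDR per line on stdin (blank lines and # comments allowed) and
# print one "ufw insert 1 deny from <cidr>" per unique valid block.
# Nothing is executed here. Each "insert 1" pushes the previous one down,
# so the denies end up in reverse order but all above existing allow rules.
gen_ufw_inserts() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if ! valid_ipv4_cidr "$line"; then
            echo "skipped (not an IPv4 CIDR): $line" >&2
            continue
        fi
        case "$seen" in *" $line "*) continue ;; esac   # drop duplicates
        seen="$seen$line "
        printf 'ufw insert 1 deny from %s\n' "$line"
    done
    return 0
}

# Constructed sample: one duplicate and one invalid prefix length.
printf '%s\n' '192.0.2.0/24' '198.51.100.0/24 # note' '192.0.2.0/24' \
    '203.0.113.0/33' | gen_ufw_inserts
```

Review the printed commands, then pipe them to `sudo sh`; `ufw status numbered` shows where the deny rules landed relative to your allow rules.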
