Close to independance day on 4th of July, we opened US networks.

(*)

This affected 10.713 locked netranges - 522 remain blocked.

They will be handled like DE, AT, CH, NL, BE, FR, GB, LU, LI, IE, IT, CZ, SE, PL, IS, FI, ES, DK, SK, HU, RO, BG, LT, LV and EE now.

The most common problem with netbooks and Laptops:
@work they are often strongly protected by Firewalls, Proxies and IDS - but they are meant to be taken home and there...
mostly liberal configured structures based on poor configured router and users surf to sites they never would request from office. The next morning a compromised workstation is returning into the company.

So HowTo implement the security-layers from office to home or mobile locations without additional hardware?

379 records in total from all incoming spam during the last 1,5 years.

List of netranges:

We started autogenerating

• MS XP Workstation ipseccmd.exe batch-job for MS builtin firewall
• MS 2003 Server ipseccmd.exe batch-job for MS builtin firewall
• Vista/MS 2008 Server netsh advfirewall batch-job for MS builtin firewall to use with powershell 1.0/2.0PRE
• pfsense alias and ruleset
• cisco IOS ruleset

to block any communication to known Destinations from MS08-067 Worm, Downadup/Conflicker and make them availailable to public.

Please check scripts for nets you should not drop connection to, because your customers might need them.

See here and here for more info.

ipseccmd.exe to be found on your system CD->Support->Tools.
Powershell 1.0 and 2.0PRE CTP can be downloaded from Microsoft.

2009/04/25 - currently auto-tagging networks
2009/04/25 - checked 2.9 Mio generic domains from Conficker A,B,C and attached results to this article
2009/02/16 - added today's IPs
2009/02/17 - Neue Medien Munnich requested removing 85.13.136.31 - done.
2009/02/21 - added yesterday's IPs
2009/04/22 - added destination list with counter