Although Nefarious Laboratories prefers a default deny approach to security, we maintain blocklists for those who prefer a default allow policy. The included blocklists define corporations by ASN, allowing administrators to block an entire IP range.
Note that these corporations operate hosting services, and blocking corporate IP ranges may prevent users and devices from accessing third-party domains which are unaffiliated with these corporations.
IPTables Example Rules (for ASNs)
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # Rules in the OUTPUT chain match on destination (-d), so that locally
    # generated traffic going to each range is dropped.
    #Amazon
    -A OUTPUT -d 126.96.36.199/24 -j DROP
    #Apple
    -A OUTPUT -d 188.8.131.52/21 -j DROP
    #Facebook
    -A OUTPUT -d 184.108.40.206/21 -j DROP
    #Google
    -A OUTPUT -d 220.127.116.11/24 -j DROP
    #Microsoft
    -A OUTPUT -d 18.104.22.168/11 -j DROP
    COMMIT
DNSmasq Example Rules (for Domains)
A dnsmasq configuration file (/etc/dnsmasq.conf) can block domains and their respective subdomains, while a hosts file (/etc/hosts) requires a complete listing of every subdomain.
    # Blocking Cryptojacking Domains
    address=/authedmine.com/0.0.0.0
    address=/coinhive.com/0.0.0.0
    address=/rocks.io/0.0.0.0
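The difference in coverage between the two file types can be checked before deploying a list. The following is an added example, not part of the original blocklists: it parses both formats and reports which queried names the dnsmasq rules block but the hosts file misses. The sample file contents, the function names and the subdomain `sub.coinhive.com` are constructed for illustration.

```python
# Added example: dnsmasq address=/domain/ip suffix matching compared with
# exact-match hosts-file lookups. All sample data below is constructed.

DNSMASQ_CONF = """\
# Blocking Cryptojacking Domains
address=/authedmine.com/0.0.0.0
address=/coinhive.com/0.0.0.0
"""

HOSTS_FILE = """\
0.0.0.0 authedmine.com
0.0.0.0 coinhive.com
0.0.0.0 www.coinhive.com
"""

def parse_dnsmasq(conf):
    """Return the set of domains named in address=/domain/ip lines."""
    domains = set()
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("address=/"):
            continue
        parts = line[len("address=/"):].split("/")
        # One line may list several domains before the final IP field.
        domains.update(p.lower().strip(".") for p in parts[:-1] if p)
    return domains

def parse_hosts(text):
    """Return every hostname listed after the address on each hosts line."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(n.lower() for n in fields[1:])
    return names

def dnsmasq_blocks(name, domains):
    """dnsmasq matches the domain itself and every name beneath it,
    on label boundaries (notcoinhive.com is not under coinhive.com)."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def hosts_blocks(name, names):
    """A hosts file only answers for names it lists exactly."""
    return name.lower().rstrip(".") in names

def hosts_gaps(queries, domains, names):
    """Names the dnsmasq rules catch but the hosts file misses."""
    return [q for q in queries
            if dnsmasq_blocks(q, domains) and not hosts_blocks(q, names)]
```
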
We recommend blocking all included passwords in every public-facing web application. The included passwords are at least 8 characters in length, as shorter passwords should be banned.