How To Block all Chinanet IP Addresses using CrowdSec CLI
26/01/2023
Information
After experiencing some 'aggressive' brute-force attempts on my servers coming from the Chinanet AS, I did some digging and had some trouble finding a complete list of the IP ranges used by Chinanet, so I created my own. This list is based on the ChinaNet Backbone (AS 4134) and should hopefully contain all 110,731,008 addresses used by ChinaNet. This guide will show you how to use CrowdSec to block every single one of them.
Step 1 - Download the Prefilled CSV
I've created a CSV for CrowdSec with all the IP ranges used by the Chinanet AS Backbone Network. Download the CSV to your server with the command below. This CSV is preset to ban all ranges in it for 10 years.
wget https://lexnet.cc/other/chinanet.csv
Step 2 - Import the Prefilled CSV
If you use Debian or Ubuntu, you can use the below command to import the CSV into the CrowdSec CLI decisions register.
sudo cscli decisions import -i chinanet.csv --scope range
Step 3 - Check the Decision Import was Successful
sudo cscli decisions list --origin cscli-import
(Optional) One Liner Command
If you want an optional one-liner to import or update the decisions as I update the list, you can use the command below.
wget https://lexnet.cc/other/chinanet.sh -O - | sh
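A check to run between Step 1 and Step 2, given that the bans last 10 years: the script below is an added example, not part of the original guide or of CrowdSec. It assumes the CSV uses the duration,scope,value header layout that cscli decisions import accepts; the /8 breadth limit, the keep_reachable addresses and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

EXPECTED_TOTAL = 110_731_008   # address count stated in this guide
MIN_PREFIX = 8                 # assumption: a range broader than /8 is treated as a mistake

def audit(csv_text, keep_reachable=()):
    """Return (networks, problems) for a decisions CSV with a 'value' column."""
    keep = [ipaddress.ip_address(a) for a in keep_reachable]
    nets, problems = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):   # line 1 is the header
        raw = (row.get("value") or "").strip()
        try:
            net = ipaddress.ip_network(raw)           # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"line {line_no}: {raw!r} is not a valid range ({exc})")
            continue
        if net.prefixlen < MIN_PREFIX:
            problems.append(f"line {line_no}: {net} is broader than /{MIN_PREFIX}")
            continue
        hit = [str(a) for a in keep if a.version == net.version and a in net]
        if hit:
            problems.append(f"line {line_no}: {net} would ban {', '.join(hit)}")
            continue
        nets.append(net)
    return nets, problems

def ipv4_total(nets):
    """Count distinct IPv4 addresses, merging overlapping or adjacent ranges."""
    v4 = [n for n in nets if n.version == 4]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(v4))

# Constructed sample (documentation ranges, not real ChinaNet prefixes).
SAMPLE = """duration,scope,value
87600h,range,192.0.2.0/24
87600h,range,192.0.2.128/25
87600h,range,198.51.100.0/25
87600h,range,198.51.100.300/24
87600h,range,0.0.0.0/1
87600h,range,203.0.113.0/24
"""

if __name__ == "__main__":
    nets, problems = audit(SAMPLE, keep_reachable=["203.0.113.10"])
    print("\n".join(problems) or "no problems")
    print("IPv4 covered:", ipv4_total(nets), "| guide states:", EXPECTED_TOTAL)
```

To use it on the real download, pass the contents of chinanet.csv to audit() with your own management addresses in keep_reachable, and compare ipv4_total() against EXPECTED_TOTAL before importing.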