Axios

Read 7437 times
35.197.206.31
35.246.26.164
34.142.112.58
I've been getting unwanted relays that are not being blocked by the relay system in CentovaCast and causing an issue with bandwidth so this is what I did to stop the attacks.
Ubuntu uses UFW firewall, CentOS uses IPTable and the commands are almost identical
The firewall rule I wrote:
ufw deny from  35.197.206.0/24
That blocks all traffic from any computer in the 35.197.206.X or 255 IPs in total
This is a hot topic in the icecast forum
Tommy TBones
Owner
440MUSIC.COM
Broadcasting Indie Music since March 1999
UPDate 4/8/2022
34.142.78.118
118.78.142.34.bc.googleusercontent.com
I've create an ipTable rule to block that IP/16 which blocks 34.142.0.0(64516 IPs) but they continue to rebroadcast/rip as a listener.
I'm using Ubuntu 18.04 LAMP server with 3 static IPs
Rules: UFW and iptable

I need help finding a solution not because of bandwith issues I don't want them rebroadcasting my members music. I only broadcast Indie Music and 75% of the music I broadcast 440Music is the only one that has those recordings.  8)
Tommy TBones
Owner
440MUSIC.COM
Broadcasting Indie Music since March 1999
Same here and very aggressive agent. I have programmed a solution for this, which updates all AXIO based IP-Addresses every night from all our systems and locks them out. At least 99% of all AXIO user agents are gone daily. If a AXIOS IP-Address change on the current day, this one will be listed in this file on next day and so on.

Feel free to use it: https://safeguard.streampanel.net/blocklists/webradio/axios/output/axios.txt
Doing what I did started to block legitimate listeners, for now I'll live with it I'm only a 1 person team which is very limiting at times especially when 2 minds can solve an issue faster and often much better.
I'll continue to run fail2ban to block ssh and ftp and study more on ipTables
I checked the list of IPs I had for the axios stream and everyone was in the list I had built.   8)
Tommy TBones
Owner
440MUSIC.COM
Broadcasting Indie Music since March 1999
I found the answer I needed to block un-autherized relaying through a media player.
The instructions I found that is blocking an IP range of 65k IPs
https://www.andoson.net/resources/linux/blocking-ip-addresses-on-centos-8-using-firewalld
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='34.128.0.0/10' reject"

the IP range is determined /10 which is a block for 65536 IPs
Please be careful when using firewalld to block IP addresses as you will potentially block legitimate  listeners. I will refine the IP range I'm blocking and what I did is a quick solution which needs refining.
Research firewalld and fail2ban before you make any changes and be sure to add yourself to the white list.  8)
Tommy TBones
Owner
440MUSIC.COM
Broadcasting Indie Music since March 1999
Hi! if you use Icecast, you can easily block by user agent too :)