Blocking Netranges Based on IP-to-Country CSV

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Fri Sep 17 22:16:00 CEST 2004


depends on what you call a 'legitimate' connection.
if the guy is browsing the web and comes upon say perhaps .....your website
why would he not be considered 'legitimate' because you dont like the
'reputation'...

####################################
# delbert.hudson at losangeles.af.mil #
#        61cs/scbn, 3-0182         #
####################################


-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org]On Behalf Of Nick Drage
Sent: Friday, September 17, 2004 4:46 AM
To: netfilter at lists.netfilter.org
Subject: Re: Blocking Netranges Based on IP-to-Country CSV


On Thu, Sep 16, 2004 at 09:33:03AM -0700, Hudson Delbert J Contr 61 CS/SCBN
wrote:
> 
> why do this ?

There's a good set of reasons on:

http://ip-to-country.webhosting.info/

> seems a bit nasty in nature.

Depends how you use the information.  And to be honest considering the
reputation of some sources of traffic, such as Korea and South America,
which might be unlikely to have legitimate connections to your site, it
would be handy to block them all.

> we dont even do this sort of thing? see email addy...

But you're a worldwide organisation, and I think there's much more that
you can do with this than just block.  For example, has anything figured
out a way to tie this into logging rules, it would great to see which
countries I'm being attacked from.

-- 
mors omnia vincit



More information about the netfilter mailing list