Blocking Netranges Based on IP-to-Country CSV

Pascal Vilarem pvilarem-ml at 9online.fr
Sat Sep 18 15:25:47 CEST 2004


my 2 cts :

Nick Drage wrote:

>On Thu, Sep 16, 2004 at 09:33:03AM -0700, Hudson Delbert J Contr 61 CS/SCBN wrote:
>  
>
>>why do this ?
>>    
>>
>
>There's a good set of reasons on:
>
>http://ip-to-country.webhosting.info/
>
>  
>
good set of reasons... but none of these is a good reason :-)

>>seems a bit nasty in nature.
>>    
>>
>
>Depends how you use the information.  And to be honest considering the
>reputation of some sources of traffic, such as Korea and South America,
>which might be unlikely to have legitimate connections to your site, it
>would be handy to block them all.
>
>  
>
let me disagree... youre gonna drop eberybody from one country... most 
of them are innofensive...
and more : the really bad guys will just have to hack a good looking 
computer in a "good" country.
And then they will bypass this miraculous system...

You will just FEEL safe but you wont be at all... and you'll just hit 
everybody but your "target" :-\

It IS ab bit nasty... and more : it is blind ineffective.

>>we dont even do this sort of thing? see email addy...
>>    
>>
>
>But you're a worldwide organisation, and I think there's much more that
>you can do with this than just block.  For example, has anything figured
>out a way to tie this into logging rules, it would great to see which
>countries I'm being attacked from.
>
>  
>
If you're dealing with "bad guys" you'd better invest in a Intrusion 
prevention system...
start on a snort or prelude basis for example... then you'd be able to 
adapt dynamically netfilter.

if you have to protect some data, authenticate your users/customers no 
matter from which country they are.

grtx.




More information about the netfilter mailing list