Blocking Netranges Based on IP-to-Country CSV
Pascal Vilarem
pvilarem-ml at 9online.fr
Sat Sep 18 15:25:47 CEST 2004
my 2 cts :
Nick Drage wrote:
>On Thu, Sep 16, 2004 at 09:33:03AM -0700, Hudson Delbert J Contr 61 CS/SCBN wrote:
>
>
>>why do this ?
>>
>>
>
>There's a good set of reasons on:
>
>http://ip-to-country.webhosting.info/
>
>
>
good set of reasons... but none of these is a good reason :-)
>>seems a bit nasty in nature.
>>
>>
>
>Depends how you use the information. And to be honest considering the
>reputation of some sources of traffic, such as Korea and South America,
>which might be unlikely to have legitimate connections to your site, it
>would be handy to block them all.
>
>
>
let me disagree... youre gonna drop eberybody from one country... most
of them are innofensive...
and more : the really bad guys will just have to hack a good looking
computer in a "good" country.
And then they will bypass this miraculous system...
You will just FEEL safe but you wont be at all... and you'll just hit
everybody but your "target" :-\
It IS ab bit nasty... and more : it is blind ineffective.
>>we dont even do this sort of thing? see email addy...
>>
>>
>
>But you're a worldwide organisation, and I think there's much more that
>you can do with this than just block. For example, has anything figured
>out a way to tie this into logging rules, it would great to see which
>countries I'm being attacked from.
>
>
>
If you're dealing with "bad guys" you'd better invest in a Intrusion
prevention system...
start on a snort or prelude basis for example... then you'd be able to
adapt dynamically netfilter.
if you have to protect some data, authenticate your users/customers no
matter from which country they are.
grtx.
More information about the netfilter
mailing list