Timothy M. Mullen
When I originally posted to Bugtraq regarding the use of country-by-country sets to control traffic to or from any particular country, I knew that it was not a new idea. However, applying the concept for use with Microsoft's ISA Server was at least a new application for it, and apparently has had some utility for people based on the thousands of downloads that have been made of the free sets from the Hammer of God Web site.
Blocking Traffic by Country on Production Networks
2008-07-20
Anonymous (1 replies)
Re: Blocking Traffic by Country on Production Networks
2008-07-22
Anonymous (1 replies)
Re: Re: Blocking Traffic by Country on Production Networks
2009-01-05
Anonymous (1 replies)
This idea has been mentioned in several meetings I have attended with the staff. So the question that follows: "What country (ies) do you block?" Right now you have info that would lead you to believe that China is the only one attacking your network but with time, it will be someone else, but what hap...
Re: Re: Re: Blocking Traffic by Country on Production Networks
2009-05-27
Anonymous (1 replies)
For the most part, China and Australian networks, and a few attacks from Amsterdam, have occurred on our network. Being able to block a country would be of benefit if there are enough attacks to make it necessary. Currently my firewall's IPS rule drops connections if they meet certain criteria, ...
Re: Re: Re: Re: Blocking Traffic by Country on Production Networks
2009-11-03
Anonymous
A good security approach is to deny whatever isn't explicitly allowed. While most decent firewalls are capable of this, depending on that in-built functionality would be a drain on firewall resources - considering the size of rulebases out there.
The solution would be to create - as the very firs...
Blocking Traffic by Country on Production Networks
2008-07-30
Anonymous
I blocked China (actually most of SE Asia) and my malicious traffic was dramatically slashed (down 80%+). I have no regrets and make no apologies since my business is domestic in the USA only and I provide no content that would be of use or interest to anyone outside of the USA.
Need to email me b...
Blocking Traffic by Country on Production Networks
2008-08-18
Jason Bevis
Blocking countries is a good tactic if you are not blocking your customers. It works exceptionally well in high profile and political events. Here is a list of blacklisted ranges you can use.
http://infosecalways.com/2007/11/08/ip-address-blacklist/
I've seen IDS alerts go from 100,000+ to i...
Blocking Traffic by Country on Production Networks
2008-10-17
IT Dude
I've been doing this for two years now, this is nothing new to me. I've heard peers state how it's a bad idea, I beg to differ. Since I've started blocking Asian countries, my malicious traffic (including spam) has declined in upwards of 80%.
For the clown who stated "slammer requests are spoofed...
Blocking Traffic by Country on Production Networks
2008-10-31
Anonymous (1 replies)
It may be easier to just look up the class A's, B's, and C's assigned to RIPE NCC, AfriNIC, APNIC, LACNIC and then start blocking from there... I've blocked roughly 125 nets that have now reduced 98% of the spam registered users for a site I manage...
http://www.afrinic.net/
http://www.apnic.net...
Re: Blocking Traffic by Country on Production Networks
2009-02-27
kurt
My firewall will go out once a week and get updates to assigned networks for countries. I would get about 50 emails a day from my firewall for ssh attacks, people running cgi, etc. I entered only China, North Korea, South Korea, and Russia to be blocked by my firewall (it blocks by country). I now g...