[Dshield] Blocking IP's from Certain Countries

Rick Klinge rick at jaray.net
Fri Jan 9 18:50:05 GMT 2004


Depending upon your environment of course.  If you are using windows IIS
Server you could always add the countries to block via ip address name
restrictions
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/i
nsider/iisi0703.asp. If you have a cisco router you could exclusively drop
them at the boarder, which personally I prefer ie:
! bogons (bogus outside networks) & revocations (example only)
access-list 101 deny ip 60.0.0.0 0.255.255.255 any log		
access-list 101 deny ip 61.0.0.0 0.255.255.255 any log		
access-list 101 deny ip 62.167.0.0 0.0.255.255 any log		
access-list 101 deny ip 64.60.0.0 0.0.255.255 any log		
access-list 101 deny ip 72.0.0.0 7.255.255.255 any log
access-list 101 deny ip 83.0.0.0 0.255.255.255 any log
access-list 101 deny ip 84.0.0.0 3.255.255.255 any log
access-list 101 deny ip 88.0.0.0 7.255.255.255 any log
access-list 101 deny ip 96.0.0.0 31.255.255.255 any log
access-list 101 deny ip 200.0.0.0 0.255.255.255 any log		
access-list 101 deny ip 201.0.0.0 0.255.255.255 any log		
access-list 101 deny ip 211.0.0.0 0.255.255.255 any log		
access-list 101 deny ip 219.0.0.0 0.255.255.255 any log		
access-list 101 deny ip 222.0.0.0 1.255.255.255 any log
access-list 101 deny ip 224.0.0.0 31.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log

Or you could always give this a try:
http://www.famhost.com/support/pktfilter.zip which will allow you to drop
them as well.

Hth,

~Rick

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of mbwior at cox.net
> Sent: Friday, January 09, 2004 10:53 AM
> To: list at dshield.org
> Subject: [Dshield] Blocking IP's from Certain Countries
> 
> 
> Does anyone have an idea as to how I would block out certain 
> countries from gaining access to my demo server?
> 
> The situation is this, we have a demo server that we allow 
> anonymous users to hook up to and download our software for 
> use on a trial basis. 
> 
> However the use of our software does not extend itself to use 
> in other countries; nor do we want it to go there for reverse 
> engineering and copyright purposes. 
> 
> Any ideas?
> 
> Thanks for all help in advance,
> 
> Michael Wior
> Ipro Tech 

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list