[Dshield] Blocking IP's from Certain Countries

Michael Wior mbwior at cox.net
Fri Jan 9 22:03:33 GMT 2004


Can IIS filter all IP's listed in a specific DNS server?

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Rick Klinge
Sent: Friday, January 09, 2004 11:50 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Blocking IP's from Certain Countries


Depending upon your environment of course.  If you are using windows IIS
Server you could always add the countries to block via ip address name
restrictions
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/i
nsider/iisi0703.asp. If you have a cisco router you could exclusively drop
them at the boarder, which personally I prefer ie:
! bogons (bogus outside networks) & revocations (example only)
access-list 101 deny ip 60.0.0.0 0.255.255.255 any log
access-list 101 deny ip 61.0.0.0 0.255.255.255 any log
access-list 101 deny ip 62.167.0.0 0.0.255.255 any log
access-list 101 deny ip 64.60.0.0 0.0.255.255 any log
access-list 101 deny ip 72.0.0.0 7.255.255.255 any log
access-list 101 deny ip 83.0.0.0 0.255.255.255 any log
access-list 101 deny ip 84.0.0.0 3.255.255.255 any log
access-list 101 deny ip 88.0.0.0 7.255.255.255 any log
access-list 101 deny ip 96.0.0.0 31.255.255.255 any log
access-list 101 deny ip 200.0.0.0 0.255.255.255 any log
access-list 101 deny ip 201.0.0.0 0.255.255.255 any log
access-list 101 deny ip 211.0.0.0 0.255.255.255 any log
access-list 101 deny ip 219.0.0.0 0.255.255.255 any log
access-list 101 deny ip 222.0.0.0 1.255.255.255 any log
access-list 101 deny ip 224.0.0.0 31.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log

Or you could always give this a try:
http://www.famhost.com/support/pktfilter.zip which will allow you to drop
them as well.

Hth,

~Rick

> -----Original Message-----
> From: list-bounces at dshield.org
> [mailto:list-bounces at dshield.org] On Behalf Of mbwior at cox.net
> Sent: Friday, January 09, 2004 10:53 AM
> To: list at dshield.org
> Subject: [Dshield] Blocking IP's from Certain Countries
>
>
> Does anyone have an idea as to how I would block out certain
> countries from gaining access to my demo server?
>
> The situation is this, we have a demo server that we allow
> anonymous users to hook up to and download our software for
> use on a trial basis.
>
> However the use of our software does not extend itself to use
> in other countries; nor do we want it to go there for reverse
> engineering and copyright purposes.
>
> Any ideas?
>
> Thanks for all help in advance,
>
> Michael Wior
> Ipro Tech

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list