[Dshield] Blocking Offending Countries

Cefiar cef at optus.net
Tue Jun 28 07:41:40 GMT 2005

On Tuesday 28 June 2005 12:54, Mike Wydra wrote:
> More to come - but for now, would
> someone please explain to me "how blocking China IP's would also block
> Canada? I truly don't understand the following piece of a post:
> > Hmm, if we applied that logic, traffic from the US would be cut off
> > from entering Canada. The two countries who target Canadian IPs
> > on a regular basis are China and the US.

>From a brief look at the discussion, it seems this was made in response to the 
idea of blocking the biggest countries that produce unwanted traffic. It's 
also made from the point of view of Canada. Hence blocking the biggest 
offenders against Canada would mean blocking not just China, but the US as 

Blocking solely based on the biggest offenders without understanding of any 
other relationships can lead to collateral damage. The above was apparently 
an example in point. There were a number of replies, some specifically from 
"the other side" (eg: people in the US) about the fact that they are already 
dropping traffic from Canada. This is despite the fact that Canada is a 
land-connected neighbour and quite possibly could legitimately have reasons 
for contacting them (IMO).

One of the biggest downsides of dropping traffic from anywhere however would 
be companies that run some part of their infrastructure out of a specific 
country (be it Taiwan, the US, China, Canada, the UK, Australia, or 
whatever). A num, not from the US.ber of companies that I deal regularly with 
in Australia run their entire mail infrastructure out of some of the above 
countries, and blocking legitimate traffic from those destinations would 
therefore be a no-no. Of course, there is no reason to let them get to a VPN 
end-point, so dropping such traffic makes perfect sense. As they say, horses 
for courses.

IMO, dropping traffic from other corners of the world without reason is simply 
a band-aid solution that will not solve the problem, and may actually make 
the problem worse. It's also a bit hard to complain about a lack of traffic 
when your complaints get dropped on the floor along with everything else.

Looking forward to the plan details when you get the time. Till then, stay 

 Stuart Young - aka Cefiar - cef at optus.net

More information about the list mailing list