[Dshield] Blocking Offending Countries
David Cary Hart
DShield at TQMcube.com
Tue Jun 28 17:23:04 GMT 2005
On Tue, 2005-06-28 at 08:54 +0100, Mike Simkins wrote:
> Blocking by country/continent/whatever is not the answer.
> A block by a specific threat, possibly. I have (almost daily) someone try an
> SSH attack on various hosts of mine, and I have a script that blocks the
> offending IP (only), and sends an auto-abuse e-mail if there is either an
> ABUSE, Technical, or Admin E-Mail Address listed for that IP or block.
> If I get a reply from the admin saying its fixed (as I have done in about 5%
> of the cases), then the block is removed.
SSH should be configured ONLY to allow known hosts in which case this
will cease to be an issue.
As for geographical blocking, I allow the world access to our web site,
ftp and rsync (even though a considerable number of exploit attempts
come from Asia). OTOH, China, Korea, and Taiwan are completely blocked
* Eliminate Spam: http://www.TQMcube.com/spam_trap.htm
* RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
* Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
More information about the list