[Dshield] Blocking Offending Countries

David Cary Hart DShield at TQMcube.com
Tue Jun 28 17:23:04 GMT 2005


On Tue, 2005-06-28 at 08:54 +0100, Mike Simkins wrote:
> Blocking by country/continent/whatever is not the answer. 
> 
> A block by a specific threat, possibly. I have (almost daily) someone try an 
> SSH attack on various hosts of mine, and I have a script that blocks the 
> offending IP (only), and sends an auto-abuse e-mail if there is either an 
> ABUSE, Technical, or Admin E-Mail Address listed for that IP or block.
> 
> If I get a reply from the admin saying it's fixed (as I have done in about 5% 
> of the cases), then the block is removed.
> 
SSH should be configured ONLY to allow known hosts in which case this
will cease to be an issue. 

As for geographical blocking, I allow the world access to our web site,
ftp and rsync (even though a considerable number of exploit attempts
come from Asia). OTOH, China, Korea, and Taiwan are completely blocked
from smtp.
-- 
      * Eliminate Spam:         http://www.TQMcube.com/spam_trap.htm
      * RBLDNSD HowTo:          http://www.TQMcube.com/rbldnsd.htm
      * Multi-RBL Check:        http://www.TQMcube.com/rblcheck.htm
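
The two approaches discussed in this thread, side by side, as an added example that is not part of the original post or either poster's script: a Python script that triages sshd failed-login lines against an allowlist of known hosts, showing which sources a per-IP blocking script would act on and how many attempts an allow-known-hosts policy would refuse outright. The allowlist, the log lines and the three-failure threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist of "known hosts" (documentation address ranges).
KNOWN_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.7/32")]

# Constructed sshd syslog lines; user names and addresses are made up.
SAMPLE_LOG = """\
Jun 28 03:11:02 host sshd[2101]: Failed password for root from 203.0.113.45 port 40112 ssh2
Jun 28 03:11:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.45 port 40119 ssh2
Jun 28 03:11:09 host sshd[2107]: Failed password for invalid user test from 203.0.113.45 port 40125 ssh2
Jun 28 07:42:30 host sshd[2290]: Failed password for alice from 192.0.2.5 port 51512 ssh2
Jun 28 07:42:41 host sshd[2290]: Accepted password for alice from 192.0.2.5 port 51512 ssh2
Jun 28 09:15:00 host sshd[2400]: Failed password for root from 203.0.113.200 port 33001 ssh2
"""

# Anchored at end of line and greedy before " from", so text inside the
# attempted user name cannot be mistaken for the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")


def is_known(ip):
    """True if the address falls inside one of the allowlisted networks."""
    return any(ip in net for net in KNOWN_NETS)


def triage(log_text, threshold=3):
    """Split failed logins into per-IP block candidates and known-host failures."""
    unknown, known = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address (e.g. a resolved host name)
        (known if is_known(ip) else unknown)[str(ip)] += 1
    return {
        "block": sorted(ip for ip, n in unknown.items() if n >= threshold),
        "dropped_by_allowlist": sum(unknown.values()),
        "known_host_failures": dict(known),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The single attempt from 203.0.113.200 stays under the per-IP threshold, so a blocking script would not act on it yet, while an allowlist would have refused it along with the other three.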


