[Dshield] Blocking Offending Countries

Adrien de Beaupre adriendb at whitehats.ca
Tue Jun 28 23:24:07 GMT 2005



> 
> > SSH should be configured ONLY to allow known hosts in which case this
> > will cease to be an issue. 
> 
> That may not always possible, especially when you have to support mobile
> users that SSH in from on the road/mobile.
> 
> As far as blocking: Spam is a *content* problem not a *location*
> problem. As such you should block on content and not location.
> 
> Cheers,
> Frank
> 

Thanks Frank. I agree, block content. Or more specifically
allow only the content required for your business/organizational
needs.

SSH should be configured to use keys for authentication
only in any case, and/or only accept connections from
known hosts or IPs, and never allow root/privileged logins. 

I understand the desire to believe that blocking IP connections
by country is somehow increasing security. I would like to point
out that this emperor has no clothes, this is not an effective
security measure. In any case, I have never seen an accurate
listing of IP blocks by country, so whom are you blocking
anyway? 

Cheers,
Adrien










-------------------------------------------------
www.whitehats.ca - Using IMP: http://horde.org/imp/


More information about the list mailing list