[Dshield] Blocking Offending Countries
jayjwa at atr2.ath.cx
Wed Jun 29 05:19:10 GMT 2005
On Tue, 28 Jun 2005, Adrien de Beaupre wrote:
-> Thanks Frank. I agree, block content. Or more specifically
-> allow only the content required for your business/organizational
Content blocking is very, very easy for spammers to go thru. Just look at
some of the creative ways they do it. I'm not saying it doesn't work at
all, it just doesn't work *enough*.
-> I understand the desire to believe that blocking IP connections
-> by country is somehow increasing security. I would like to point
And yet it does, at least in my case. I seriously cut down on the number
of weird log entries I had to follow up on, spam I had to report, and
other incidents to take time away from what I really wanted to be doing
with my computer. To this day, I've never, ever got one single piece of
legitimate traffic from China, which is what I was initially bringing up.
One of my first posts stated that I don't usually do it, and I don't like
to, but China was a rare exception based on the lack of responses I got
from all the ISPs that I tried to contact there, and on content after
-> In any case, I have never seen an accurate
-> listing of IP blocks by country,
http://www.blackholes.us/ is pretty close, I think.
-> so whom are you blocking
Places like 21cn.com, who spammed me on a weekly basis, sometimes more.
I have no idea who they are or how they got my address, but they persisted
even after I left a message with the initial block from my MTA.
Netvigator.com (actually listed as Hong Kong, but close enough for me),
who connected to my ftp server and proceeded to download *everything*,
several times over, before I caught and kicked him/them/it off. Outblaze,
whose actual spam-cannons are in the US but use open relays/proxies in
Korea/China, and are actually based there, according to their register
info. These guys had a massive spam run several months back when I got
spam from them daily, always in a similar form with a similar look, done
thru an open relay/proxy in China/Korea. All 222.*, which is a regular
guest on the Dshield block list, plus all of the slots in my iptables
listing for which I see packet and byte counts. So, I do see they are
knocking- they just can't come in.
Confidentiality Notice: This email may contain confidential
and privileged information. If in the event that it does,
please send it back to me with a reply telling me how
stupid I am for sending confidential info to a public forum.