[Dshield] Blocking Offending Countries

Bo Nordgren bo at nordgren.net
Wed Jun 29 12:03:15 GMT 2005

> > -> In any case, I have never seen an accurate
> > -> listing of IP blocks by country,
> > 
> > http://www.blackholes.us/  is pretty close, I think.
> This does get a little sticky. For example filter a block listed as 
> 'Sweden' and it will quite possibly include a few addresses that
> actually terminate in 'Norway'. Then again if you are not doing business
> in Sweden, you are probably not doing business in Norway either.

Unfortionaly this is were things can go horribly wrong. The problem with blocking Europe
is that people you do business with might well be doing business with people in Europe.
Take this list for instance. I have my personal servers in Belgium, US and Sweden and
the client I am currently working for has a lot of the infrastructure in Germany.

You shouldn't have a problem as long as your mailserver doesn't block but lets say that
you get hit by a stray Nmap and block a block in Sweden you might well start blocking
legitimate email.

The reason I take this up is that I have been in this situation due to overzealous
blocking and since it generaly tends to be email that gets blocked I have had to start
calling people.

Best regards, Bo Nordgren

Nordgren WebMail (http://webmail.nordgren.net)

More information about the list mailing list