[Dshield] Blocking Offending Countries

Josh Tolley josh at raintreeinc.com
Wed Jun 29 19:38:26 GMT 2005


Ed Truitt wrote:
> I don't think that most reasonable people would blacklist an entire country based on 1 (or even 100) nmap scans.  If I were to put a country in the BL, it would be based on a pattern of excessive amounts of spam and *no* legit traffic.
> Cheers,
> -E D Truitt
> 

I think they would. I close down ports at my firewall not because I've 
noticed someone has tried exploiting something on that port, but because 
I don't need it. If I am lucky enough to have a simple enough 
environment that I *know* a given IP range doesn't need to connect to my 
network, shut it off. It's basic "principle of least privilege" stuff, 
and it applies in this case. That said, it's tough in lots of 
circumstances to be sure communication with a certain range is unneeded, 
but if you can get away with it, by all means block that traffic.

Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000


