[Dshield] Blocking Offending Countries
josh at raintreeinc.com
Wed Jun 29 19:38:26 GMT 2005
Ed Truitt wrote:
> I don't think that most reasonable people would blacklist an entire country based on 1 (or even 100) nmap scans. If I were to put a country in the BL, it would be based on a pattern of excessive amounts of spamm and *no* legit traffic.
> -E D Truitt
I think they would. I close down ports at my firewall not because I've
noticed someone has tried exploiting something on that port, but because
I don't need it. If I am lucky enough to have a simple enough
environment that I *know* a given IP range doesn't need to connect to my
network, shut it off. It's basic "principle of least privilege" stuff,
and it applies in this case. That said, it's tough in lots of
circumstances to be sure communication with a certain range is unneeded,
but if you can get away with it, by all means block that traffic.
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000
More information about the list