[Dshield] Blocking Country Access

Dave Hatz davehatz at hatzventures.org
Tue Feb 20 18:08:55 GMT 2007


Johannes, Frank and Kevin,
Thank you all for the responses and links.  I am not a security expert by
any means, I subscribe to this list to learn from the experts in the
industry such as yourselves.  I come from a small shop where I have to wear
many different hats, so I apologize up front if these questions are to basic
for this list.

These country IP lists are extremely detailed.  I was hoping for a list of
Ips that is more basic.  For example, we are getting hit really hard with
attacks on our mail server from China.  I would like to go into our set of
rules on our SonicWall and say, I don't want anything coming into our
network from China.  I need to enter the Ips into our access list and deny
them.  So, I was hoping do something like this, deny all 58.0.0.0 through
58.255.255.255.  But, in looking at the list of Country Ips, if I do
something like that, I could be blocking more than just traffic from China.
So my question is, can I put in a IP range that would block of all China,
and other countries for that matter.

Thanks again...
Dave Hatz 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Tuesday, February 20, 2007 9:28 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Blocking Country Access

Dave Hatz wrote:
> I am trying to find information on how to block countries from our
networks.
> I remember seeing lists that contain the IP addresses for the countries.
> Can someone please point me in the right direction on where I can 
> obtain a list of the country IP address so we can block them.

you can try http://isc.sans.org/countrylookup.txt . Its based on the list I
use to lookup countries.

Not perfect... here is a list of country lookup URLs I keep around. Some
allow you to download their database:

http://www.hostip.info
http://www.ip2location.com/free.asp
http://www.geobytes.com/GeoSelect.htm
http://www.maxmind.com
http://ip-to-country.webhosting.info



> 
> Thanks,
> Dave Hatz
> 
> 
> _________________________________________
> 
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught 
> by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
> 


--
---------
Johannes Ullrich                        http://isc.sans.org

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught by
our top rated instructors plus a huge vendor tools expo.
	Register Today! <http://www.sans.org/info/2501>
(Brochurecode: ISC)

PGP Key: https://secure.dshield.org/PGPKEYS




More information about the list mailing list