[Dshield] Blocking Country Access
davehatz at hatzventures.org
Tue Feb 20 18:08:55 GMT 2007
Johannes, Frank and Kevin,
Thank you all for the responses and links. I am not a security expert by
any means, I subscribe to this list to learn from the experts in the
industry such as yourselves. I come from a small shop where I have to wear
many different hats, so I apologize up front if these questions are to basic
for this list.
These country IP lists are extremely detailed. I was hoping for a list of
Ips that is more basic. For example, we are getting hit really hard with
attacks on our mail server from China. I would like to go into our set of
rules on our SonicWall and say, I don't want anything coming into our
network from China. I need to enter the Ips into our access list and deny
them. So, I was hoping do something like this, deny all 126.96.36.199 through
188.8.131.52. But, in looking at the list of Country Ips, if I do
something like that, I could be blocking more than just traffic from China.
So my question is, can I put in a IP range that would block of all China,
and other countries for that matter.
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Tuesday, February 20, 2007 9:28 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Blocking Country Access
Dave Hatz wrote:
> I am trying to find information on how to block countries from our
> I remember seeing lists that contain the IP addresses for the countries.
> Can someone please point me in the right direction on where I can
> obtain a list of the country IP address so we can block them.
you can try http://isc.sans.org/countrylookup.txt . Its based on the list I
use to lookup countries.
Not perfect... here is a list of country lookup URLs I keep around. Some
allow you to download their database:
> Dave Hatz
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught
> by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
Johannes Ullrich http://isc.sans.org
SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught by
our top rated instructors plus a huge vendor tools expo.
Register Today! <http://www.sans.org/info/2501>
PGP Key: https://secure.dshield.org/PGPKEYS
More information about the list