[Dshield] Blocking Country Access

Dave Hatz davehatz at hatzventures.org
Tue Feb 20 19:40:41 GMT 2007


Scott,
That is exactly what I was looking for.  Looks like I have a lot of typing
to do, our SonicWall is an older model and doesn't support CIDR's.  We are
looking to upgrade our firewall to a PIX and I was told they do support
CIDR's.

Thank you very much for your help.
Dave 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Scott Melnick
Sent: Tuesday, February 20, 2007 10:48 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Blocking Country Access

Dave, 

This might be what your looking for. You can download any country you need
from this list. It lists it in 2 ways. The CIDR for China and the IP range. 
Depending on your firewall you may have to put it in a spreadsheet first and
convert the CIDR numbers into /network numbers. If your firewall takes
CIDR's then no problem. 

Also keep in mind, China doesn't cover Hong Kong, Tawain, etc...
You'll have to grab the ones for them as well. You also will have to update
your firewall rules periodically as net numbers change.

http://www.completewhois.com/statistics/data/ips-bycountry/rirstats/


Cheers,
Scott Melnick


> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list- 
> bounces at lists.dshield.org] On Behalf Of Dave Hatz
> Sent: Tuesday, February 20, 2007 1:09 PM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] Blocking Country Access
> 
> Johannes, Frank and Kevin,
> Thank you all for the responses and links.  I am not a security expert
by
> any means, I subscribe to this list to learn from the experts in the 
> industry such as yourselves.  I come from a small shop where I have to 
> wear many different hats, so I apologize up front if these questions 
> are to basic for this list.
> 
> These country IP lists are extremely detailed.  I was hoping for a
list of
> Ips that is more basic.  For example, we are getting hit really hard
with
> attacks on our mail server from China.  I would like to go into our
set of
> rules on our SonicWall and say, I don't want anything coming into our 
> network from China.  I need to enter the Ips into our access list and
deny
> them.  So, I was hoping do something like this, deny all 58.0.0.0
through
> 58.255.255.255.  But, in looking at the list of Country Ips, if I do 
> something like that, I could be blocking more than just traffic from 
> China.
> So my question is, can I put in a IP range that would block of all
China,
> and other countries for that matter.
> 
> Thanks again...
> Dave Hatz
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list- 
> bounces at lists.dshield.org] On Behalf Of Johannes B. Ullrich
> Sent: Tuesday, February 20, 2007 9:28 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Blocking Country Access
> 
> Dave Hatz wrote:
> > I am trying to find information on how to block countries from our
> networks.
> > I remember seeing lists that contain the IP addresses for the
countries.
> > Can someone please point me in the right direction on where I can 
> > obtain a list of the country IP address so we can block them.
> 
> you can try http://isc.sans.org/countrylookup.txt . Its based on the
list
> I
> use to lookup countries.
> 
> Not perfect... here is a list of country lookup URLs I keep around.
Some
> allow you to download their database:
> 
> http://www.hostip.info
> http://www.ip2location.com/free.asp
> http://www.geobytes.com/GeoSelect.htm
> http://www.maxmind.com
> http://ip-to-country.webhosting.info
> 
> 
> 
> >
> > Thanks,
> > Dave Hatz
> >
> >
> > _________________________________________
> >
> > SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught
> > by our top rated instructors plus a huge vendor tools expo.
> > Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
> >
> 
> 
> --
> ---------
> Johannes Ullrich                        http://isc.sans.org
> 
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught
by
> our top rated instructors plus a huge vendor tools expo.
> 	Register Today! <http://www.sans.org/info/2501>
> (Brochurecode: ISC)
> 
> PGP Key: https://secure.dshield.org/PGPKEYS
> 
> 
> _________________________________________
> 
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught 
> by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)

_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught by
our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)



More information about the list mailing list