[Dshield] Blocking Country Access

Andrew Willy andrewwilly at gmail.com
Tue Feb 20 19:43:22 GMT 2007


Is this pretty common?  I've considered blocking networks for nations we
don't expect traffic from but never followed through.

Andrew

On 2/20/07, Scott Melnick <smelnick at water.com> wrote:
>
> Dave,
>
> This might be what your looking for. You can download any country you
> need from this list. It lists it in 2 ways. The CIDR for China and the
> IP range.
> Depending on your firewall you may have to put it in a spreadsheet first
> and convert the CIDR numbers into /network numbers. If your firewall
> takes CIDR's then no problem.
>
> Also keep in mind, China doesn't cover Hong Kong, Tawain, etc...
> You'll have to grab the ones for them as well. You also will have to
> update your firewall rules periodically as net numbers change.
>
> http://www.completewhois.com/statistics/data/ips-bycountry/rirstats/
>
>
> Cheers,
> Scott Melnick
>
>
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list-
> > bounces at lists.dshield.org] On Behalf Of Dave Hatz
> > Sent: Tuesday, February 20, 2007 1:09 PM
> > To: 'General DShield Discussion List'
> > Subject: Re: [Dshield] Blocking Country Access
> >
> > Johannes, Frank and Kevin,
> > Thank you all for the responses and links.  I am not a security expert
> by
> > any means, I subscribe to this list to learn from the experts in the
> > industry such as yourselves.  I come from a small shop where I have to
> > wear
> > many different hats, so I apologize up front if these questions are to
> > basic
> > for this list.
> >
> > These country IP lists are extremely detailed.  I was hoping for a
> list of
> > Ips that is more basic.  For example, we are getting hit really hard
> with
> > attacks on our mail server from China.  I would like to go into our
> set of
> > rules on our SonicWall and say, I don't want anything coming into our
> > network from China.  I need to enter the Ips into our access list and
> deny
> > them.  So, I was hoping do something like this, deny all 58.0.0.0
> through
> > 58.255.255.255.  But, in looking at the list of Country Ips, if I do
> > something like that, I could be blocking more than just traffic from
> > China.
> > So my question is, can I put in a IP range that would block of all
> China,
> > and other countries for that matter.
> >
> > Thanks again...
> > Dave Hatz
> >
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org [mailto:list-
> > bounces at lists.dshield.org]
> > On Behalf Of Johannes B. Ullrich
> > Sent: Tuesday, February 20, 2007 9:28 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] Blocking Country Access
> >
> > Dave Hatz wrote:
> > > I am trying to find information on how to block countries from our
> > networks.
> > > I remember seeing lists that contain the IP addresses for the
> countries.
> > > Can someone please point me in the right direction on where I can
> > > obtain a list of the country IP address so we can block them.
> >
> > you can try http://isc.sans.org/countrylookup.txt . Its based on the
> list
> > I
> > use to lookup countries.
> >
> > Not perfect... here is a list of country lookup URLs I keep around.
> Some
> > allow you to download their database:
> >
> > http://www.hostip.info
> > http://www.ip2location.com/free.asp
> > http://www.geobytes.com/GeoSelect.htm
> > http://www.maxmind.com
> > http://ip-to-country.webhosting.info
> >
> >
> >
> > >
> > > Thanks,
> > > Dave Hatz
> > >
> > >
> > > _________________________________________
> > >
> > > SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught
> > > by our top rated instructors plus a huge vendor tools expo.
> > > Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
> > >
> >
> >
> > --
> > ---------
> > Johannes Ullrich                        http://isc.sans.org
> >
> > SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses taught
> by
> > our top rated instructors plus a huge vendor tools expo.
> >       Register Today! <http://www.sans.org/info/2501>
> > (Brochurecode: ISC)
> >
> > PGP Key: https://secure.dshield.org/PGPKEYS
> >
> >
> > _________________________________________
> >
> > SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> > taught by our top rated instructors plus a huge vendor tools expo.
> > Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>
> _________________________________________
>
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)
>


More information about the list mailing list