[Dshield] Blocking Country Access
Johannes B. Ullrich
jullrich at sans.org
Tue Feb 20 20:15:16 GMT 2007
Andrew Willy wrote:
> Is this pretty common? I've considered blocking networks for nations we
> don't expect traffic from but never followed through.
Not "very common". But it's popular, in particular as an anti-spam thing.
If you do this: make sure you don't have any legitimate business in
these countries. Think of cases like overseas US service personnel for
It's usually best to first log traffic for a while or compare your
proposed blocklist to historic traffic. But overall, it can help.
Most important: keep reviewing the list. I know one case where a
business planned to expand to Asia, but ran into problems exchanging
e-mails with new partners due to a spam filter blocking Asia. (As
always: you need to stay in touch with the business site to do your
security job well.)
Johannes Ullrich http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS
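
One way to compare a proposed blocklist to historic traffic, as the message above suggests. This is an added example, not part of the original post. The log format, the CIDR ranges (documentation prefixes standing in for country allocations) and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed proposed blocklist (documentation ranges stand in for country allocations).
PROPOSED_BLOCKLIST = ["192.0.2.0/24", "198.51.100.0/24"]

# Constructed historic mail-gateway log: timestamp, source IP, verdict, sender domain.
HISTORIC_LOG = """\
2007-02-01T08:12:03 192.0.2.15 spam bulk.example
2007-02-01T09:40:11 198.51.100.7 accepted partner.example
2007-02-02T10:02:45 203.0.113.9 accepted customer.example
2007-02-03T11:15:30 192.0.2.200 spam bulk.example
2007-02-04T07:55:02 198.51.100.7 accepted partner.example
malformed line
2007-02-05T13:20:19 198.51.100.99 spam junk.example
"""

def dry_run(blocklist, log_text):
    """Return {cidr: {"spam": n, "accepted": n, "senders": set}} for historic hits."""
    nets = [ipaddress.ip_network(c) for c in blocklist]
    report = {str(n): {"spam": 0, "accepted": 0, "senders": set()} for n in nets}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the review
        _, src, verdict, sender = fields
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        for net in nets:
            if ip in net and verdict in ("spam", "accepted"):
                entry = report[str(net)]
                entry[verdict] += 1
                if verdict == "accepted":
                    entry["senders"].add(sender)
    return report

def needs_review(report):
    """Blocklist entries that would have cut off mail the gateway had accepted."""
    return sorted(c for c, e in report.items() if e["accepted"] > 0)

if __name__ == "__main__":
    rep = dry_run(PROPOSED_BLOCKLIST, HISTORIC_LOG)
    for cidr, e in rep.items():
        print(cidr, "spam:", e["spam"], "accepted:", e["accepted"], sorted(e["senders"]))
    print("review before blocking:", needs_review(rep))
```

Re-running the same dry run on fresh logs at intervals covers the "keep reviewing the list" point: a range that starts showing accepted mail from new senders is a candidate for removal.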