[Dshield] Blocking Country Access

Johannes B. Ullrich jullrich at sans.org
Tue Feb 20 20:15:16 GMT 2007


Andrew Willy wrote:
> Is this pretty common?  I've considered blocking networks for nations we
> don't expect traffic from but never followed through.

not "Very common". But its popular in particular as an anti-spam thing.

If you do this: make sure you don't have any legitimate business in
these countries. Think at cases like oversees US service personal for
example.

It usually best to first log traffic for a while or compare your
proposed blocklist to historic traffic. But overall, it can help.

Most important: keep reviewing the list. I know one case where a
business planned to expand to asia, but ran into problems exchanging
e-mails with new partners due to a spam filter blocking asia. (as
always: you need to stay in touch with the business site to do your
security job well).



-- 
---------
Johannes Ullrich                        http://isc.sans.org

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
	Register Today! <http://www.sans.org/info/2501>
(Brochurecode: ISC)

PGP Key: https://secure.dshield.org/PGPKEYS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/list/attachments/20070220/92a931a5/attachment.bin 


More information about the list mailing list