[Dshield] Blocking Country Access

Kevin Ottalini ottalini at mindspring.com
Wed Feb 21 00:36:22 GMT 2007


Dave,
    Does your SonicWall have export/import for its rules and if so what is 
the format?

I have a little stub of a program that can take a list of IPs and generate a 
list of the blocks they reside in.
With a minor amount of output formatting it might be able to do most of your 
typing for you.

KevinO


----- Original Message ----- 
From: "Dave Hatz"
To: "'General DShield Discussion List'" <list at lists.dshield.org>
Sent: Tuesday, February 20, 2007 11:40 AM
Subject: Re: [Dshield] Blocking Country Access


> Scott,
> That is exactly what I was looking for.  Looks like I have a lot of typing
> to do, our SonicWall is an older model and doesn't support CIDR's.  We are
> looking to upgrade our firewall to a PIX and I was told they do support
> CIDR's.
>
> Thank you very much for your help.
> Dave
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org]
> On Behalf Of Scott Melnick
> Sent: Tuesday, February 20, 2007 10:48 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Blocking Country Access
>
> Dave,
>
> This might be what your looking for. You can download any country you need
> from this list. It lists it in 2 ways. The CIDR for China and the IP 
> range.
> Depending on your firewall you may have to put it in a spreadsheet first 
> and
> convert the CIDR numbers into /network numbers. If your firewall takes
> CIDR's then no problem.
>
> Also keep in mind, China doesn't cover Hong Kong, Tawain, etc...
> You'll have to grab the ones for them as well. You also will have to 
> update
> your firewall rules periodically as net numbers change.
>
> http://www.completewhois.com/statistics/data/ips-bycountry/rirstats/
>
>
> Cheers,
> Scott Melnick
>
>
>> -----Original Message-----
>> From: list-bounces at lists.dshield.org [mailto:list-
>> bounces at lists.dshield.org] On Behalf Of Dave Hatz
>> Sent: Tuesday, February 20, 2007 1:09 PM
>> To: 'General DShield Discussion List'
>> Subject: Re: [Dshield] Blocking Country Access
>>
>> Johannes, Frank and Kevin,
>> Thank you all for the responses and links.  I am not a security expert
> by
>> any means, I subscribe to this list to learn from the experts in the
>> industry such as yourselves.  I come from a small shop where I have to
>> wear many different hats, so I apologize up front if these questions
>> are to basic for this list.
>>
>> These country IP lists are extremely detailed.  I was hoping for a
> list of
>> Ips that is more basic.  For example, we are getting hit really hard
> with
>> attacks on our mail server from China.  I would like to go into our
> set of
>> rules on our SonicWall and say, I don't want anything coming into our
>> network from China.  I need to enter the Ips into our access list and
> deny
>> them.  So, I was hoping do something like this, deny all 58.0.0.0
> through
>> 58.255.255.255.  But, in looking at the list of Country Ips, if I do
>> something like that, I could be blocking more than just traffic from
>> China.
>> So my question is, can I put in a IP range that would block of all
> China,
>> and other countries for that matter.
>>
>> Thanks again...
>> Dave Hatz
>>
>> -----Original Message-----
>> From: list-bounces at lists.dshield.org [mailto:list-
>> bounces at lists.dshield.org] On Behalf Of Johannes B. Ullrich
>> Sent: Tuesday, February 20, 2007 9:28 AM
>> To: General DShield Discussion List
>> Subject: Re: [Dshield] Blocking Country Access
>>
>> Dave Hatz wrote:
>> > I am trying to find information on how to block countries from our
>> networks.
>> > I remember seeing lists that contain the IP addresses for the
> countries.
>> > Can someone please point me in the right direction on where I can
>> > obtain a list of the country IP address so we can block them.
>>
>> you can try http://isc.sans.org/countrylookup.txt . Its based on the
> list
>> I
>> use to lookup countries.
>>
>> Not perfect... here is a list of country lookup URLs I keep around.
> Some
>> allow you to download their database:
>>
>> http://www.hostip.info
>> http://www.ip2location.com/free.asp
>> http://www.geobytes.com/GeoSelect.htm
>> http://www.maxmind.com
>> http://ip-to-country.webhosting.info
>>
>>
>>
>> >
>> > Thanks,
>> > Dave Hatz



More information about the list mailing list