May 7th, 2003, 05:27 PM
IP blocks by country?
Does anyone know of a site which will tell me IP blocks assigned, broken down by country?
Call it jingoistic if you want, but 90% of suspicious scans and attacks on our servers trace to IP's registered outside the country (we're in the US). I want to block all of it, since our company does 100% of it's business in New York State, and every single client client we have or might have is US-based.
I'm tired of reading logs, clipping log fragments, and e-mailing them to abuse mailboxes all around the world. I'd prefer to just reject or drop anything coming from outside the US, period. It's never going to be legitimate business traffic for my company.
May 7th, 2003, 05:32 PM
May 7th, 2003, 05:42 PM
Negative, you are truly somethin
Cheers for the info provided.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
May 7th, 2003, 05:42 PM
Yes, thanks I'll take a look at those lists.
May 7th, 2003, 05:46 PM
Great list thx Neg,now i finally can block Belgium ..................naaaah
i m gone,thx everyone for so much fun and good info.
cheers and good bye
May 7th, 2003, 05:47 PM
How about http://www.geobytes.com/IpLocator.htm
If you have the IP and want to find the geographical location.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
May 7th, 2003, 07:03 PM
Well, that's a pretty neat site, but ... ironically it couldn't locate the IP that's been bombarding my servers with PROPFIND based DoS attacks ;-) Which I located easily through RIPE.NET earlier.
Admins can and do routinely look up IP's in the Whois databases to find out the ISP of someone who shows up in their security logs, but we don't usually care where those people are physically. I got the inclination to block out the entire non-US set of IP's because our servers only really care about traffic from existing and potential clients, who are all going to be located within 100 miles of us due to the nature of our business. So I'm just going to block at the router or firewall level all packets from non-US IP blocks. Should drastically cut down on the security log work.
May 7th, 2003, 08:25 PM
Sounds like a pretty big task. Glad it's not me!! Might be a nice post, to have a list of all non-US IP blocks.
May 7th, 2003, 11:58 PM
All Hail Negative, the Human Google, a fountain of Knowledge, a god of links, a good time to stop would be now :P
sweet link Negative
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.