Blocking IP Addresses by Country

Blocking IP Addresses and networks by Country

         

Tech Manager

7:32 pm on Dec 26, 2007 (gmt 0)

10+ Year Member



I manage several servers for a variety of clients and each client has his or her unique security needs. Some of these clients have been experiencing an increasing number of attacks originating from Russia, China, Korea, Iran, etc. It is impractical to block specific IP addresses as many are controlled by bots and are somewhat random.

To combat this I decided to write my own set of scripts that creates complete lists of networks/IP addresses by country. The database is updated daily and derived by mining the various Regional Registries.

[edited by: Tech_Manager at 7:32 pm (utc) on Dec. 26, 2007]

[edited by: phranque at 1:33 am (utc) on Feb. 12, 2008]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]

justgowithit

7:58 pm on Dec 26, 2007 (gmt 0)

10+ Year Member



There's been a lot of talk about blocking a range of IP addresses based on country [google.com] origin. Generally, it is not a reliable method.

Tech Manager

8:06 pm on Dec 26, 2007 (gmt 0)

10+ Year Member



It depends on what you mean by reliable. I manage dozens of servers and firewalls and blocking specific countries is merely one technique in an arsenal of weapons to protect clients from a variety of attacks.

If the IP Network data is correct then blocking a specific network or entire country adds one more layer of security. However, this technique should not be used by anyone who does not fully understand networks, routing, CIDR, Netmasks, and the effect that blocking countries or networks may have on their ability to function.

It is also important to consider the Processing requirements when using a high volume of allow/deny rulesets on your firewalls/routers/servers or within specific software applications.
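
Added example (not part of the original thread, and not the poster's scripts): one way to turn Regional Registry data into per-country CIDR lists, and to collapse adjacent blocks so the rule count stays small. It assumes the pipe-delimited "delegated" statistics format the registries publish; the sample lines, the `example` registry name and the `ZZ`/`XX` country codes are constructed placeholders using reserved address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: registry|cc|type|start|value|date|status
SAMPLE = """\
# constructed data, not real allocations
2|example|20071226|5|19830101|20071226|+0000
example|*|ipv4|*|4|summary
example|ZZ|ipv4|192.0.2.0|128|20050101|allocated
example|ZZ|ipv4|192.0.2.128|128|20050101|allocated
example|ZZ|ipv4|198.18.0.0|768|20060101|assigned
example|XX|ipv4|203.0.113.0|256|20060101|allocated
example|ZZ|ipv6|2001:db8::|32|20060101|allocated
example|ZZ|asn|64496|1|20060101|allocated
"""

def networks_by_country(text):
    """Return {country_code: [collapsed networks]} from delegated-stats text."""
    found = defaultdict(list)
    for line in text.splitlines():
        fields = line.strip().split("|")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment and summary lines carry no address block
        _, cc, rtype, start, value, _, status = fields[:7]
        if status not in ("allocated", "assigned"):
            continue  # also drops the version header line
        if rtype == "ipv4":
            # value is an address count, not a prefix length, and it need
            # not be a power of two, so one record can yield several CIDRs
            first = ipaddress.IPv4Address(start)
            last = first + int(value) - 1
            found[cc].extend(ipaddress.summarize_address_range(first, last))
        elif rtype == "ipv6":
            # for IPv6 the value field is the prefix length
            found[cc].append(ipaddress.ip_network(f"{start}/{value}"))
    result = {}
    for cc, nets in found.items():
        # collapse_addresses() rejects mixed versions, so merge each separately
        v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
        v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
        result[cc] = list(v4) + list(v6)
    return result

if __name__ == "__main__":
    for cc, nets in sorted(networks_by_country(SAMPLE).items()):
        print(cc, " ".join(str(n) for n in nets))
```

The two adjacent /25 records merge into a single /24, while the 768-address record becomes a /23 plus a /24 because that count cannot be expressed as one prefix.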