From: Chris Brenton <cbrenton@chrisbrenton.org>
To: Nick Drage <nickd@metastasis.org.uk>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: Blocking Netranges Based on IP-to-Country CSV
Date: Mon, 20 Sep 2004 08:16:40 -0400
Message-ID: <1095682599.1779.106.camel@grendel>
In-Reply-To: <20040920115357.GE3786@metastasis.org.uk>
On Mon, 2004-09-20 at 07:53, Nick Drage wrote:
>
> > So, what's the reason for banning some countries?
>
> Imagine
> I'm going travelling, and I know I'm only going to South America, so I
> want to open up my ssh daemon to more addresses. However I don't want
> to permit the entire Internet to have a go at the daemon, but I'm
> willing to open it up to South America to increase the risk slightly
> in return for permitting myself SSH access wherever I am.

Well said. I find it kind of strange that people are cool with blocking
ranges of ports, but as soon as you get into blocking ranges of IP
addresses they get squeamish and may even label you a bigot.

It's simply a matter of risk vs. business need. My business model
requires an SMTP server so I accept the risk of exposing that port to
Internet access. My business model *does not* require NetBIOS/IP, so
those ports are obviously blocked. Why accept the risk involved if there
is no business argument for it?

Blocking IP ranges is exactly the same thing. If I do business in
Canada, the UK, etc., then obviously I have to accept the risk of
exposing my services to those IP blocks. If I don't do business in China
and know I never will, what's the point in accepting the risk of attack
from that country?

Cheers,
Chris