From: Pascal Vilarem <pvilarem-ml@9online.fr>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Cc: pvilarem-ml@9online.fr
Subject: Re: Blocking Netranges Based on IP-to-Country CSV
Date: Sat, 18 Sep 2004 15:25:47 +0200 [thread overview]
Message-ID: <414C375B.8080305@9online.fr> (raw)
In-Reply-To: <20040917114613.GP452@metastasis.org.uk>
my 2 cts :
Nick Drage wrote:
>On Thu, Sep 16, 2004 at 09:33:03AM -0700, Hudson Delbert J Contr 61 CS/SCBN wrote:
>
>
>>why do this ?
>>
>>
>
>There's a good set of reasons on:
>
>http://ip-to-country.webhosting.info/
>
>
>
good set of reasons... but none of these is a good reason :-)
>>seems a bit nasty in nature.
>>
>>
>
>Depends how you use the information. And to be honest considering the
>reputation of some sources of traffic, such as Korea and South America,
>which might be unlikely to have legitimate connections to your site, it
>would be handy to block them all.
>
>
>
let me disagree... youre gonna drop eberybody from one country... most
of them are innofensive...
and more : the really bad guys will just have to hack a good looking
computer in a "good" country.
And then they will bypass this miraculous system...
You will just FEEL safe but you wont be at all... and you'll just hit
everybody but your "target" :-\
It IS ab bit nasty... and more : it is blind ineffective.
>>we dont even do this sort of thing? see email addy...
>>
>>
>
>But you're a worldwide organisation, and I think there's much more that
>you can do with this than just block. For example, has anything figured
>out a way to tie this into logging rules, it would great to see which
>countries I'm being attacked from.
>
>
>
If you're dealing with "bad guys" you'd better invest in a Intrusion
prevention system...
start on a snort or prelude basis for example... then you'd be able to
adapt dynamically netfilter.
if you have to protect some data, authenticate your users/customers no
matter from which country they are.
grtx.
next prev parent reply other threads:[~2004-09-18 13:25 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-16 16:33 Blocking Netranges Based on IP-to-Country CSV Hudson Delbert J Contr 61 CS/SCBN
2004-09-17 11:46 ` Nick Drage
2004-09-18 13:25 ` Pascal Vilarem [this message]
2004-09-19 11:09 ` Nick Drage
2004-09-19 14:59 ` Alexis
2004-09-19 9:09 ` Mohamed Eldesoky
2004-09-19 11:01 ` Nick Drage
2004-09-19 11:17 ` Mohamed Eldesoky
2004-09-19 11:45 ` George Alexandru Dragoi
2004-09-20 11:53 ` Nick Drage
2004-09-20 12:06 ` Thomas Lußnig
2004-09-20 12:26 ` Chris Brenton
2004-09-20 13:20 ` George Alexandru Dragoi
2004-09-20 12:16 ` Chris Brenton
-- strict thread matches above, loose matches on Subject: below --
2004-09-20 13:57 nutbrownhares
2004-09-20 14:09 ` Jason Opperisano
2004-09-20 14:10 ` Alexis
2004-09-17 20:16 Hudson Delbert J Contr 61 CS/SCBN
2004-09-20 11:57 ` Nick Drage
2004-09-15 23:41 Gary & Mic McFall
2004-09-16 0:54 ` Frank Gruellich
2004-09-15 12:57 McFall, Gary
2004-09-16 14:16 ` Aleksandar Milivojevic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=414C375B.8080305@9online.fr \
--to=pvilarem-ml@9online.fr \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.