From: Pascal Vilarem <pvilarem-ml@9online.fr>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Cc: pvilarem-ml@9online.fr
Subject: Re: Blocking Netranges Based on IP-to-Country CSV
Date: Sat, 18 Sep 2004 15:25:47 +0200 [thread overview]
Message-ID: <414C375B.8080305@9online.fr> (raw)
In-Reply-To: <20040917114613.GP452@metastasis.org.uk>
my 2 cts :
Nick Drage wrote:
>On Thu, Sep 16, 2004 at 09:33:03AM -0700, Hudson Delbert J Contr 61 CS/SCBN wrote:
>
>
>>why do this ?
>>
>>
>
>There's a good set of reasons on:
>
>http://ip-to-country.webhosting.info/
>
>
>
good set of reasons... but none of these is a good reason :-)
>>seems a bit nasty in nature.
>>
>>
>
>Depends how you use the information. And to be honest considering the
>reputation of some sources of traffic, such as Korea and South America,
>which might be unlikely to have legitimate connections to your site, it
>would be handy to block them all.
>
>
>
let me disagree... youre gonna drop eberybody from one country... most
of them are innofensive...
and more : the really bad guys will just have to hack a good looking
computer in a "good" country.
And then they will bypass this miraculous system...
You will just FEEL safe but you wont be at all... and you'll just hit
everybody but your "target" :-\
It IS ab bit nasty... and more : it is blind ineffective.
>>we dont even do this sort of thing? see email addy...
>>
>>
>
>But you're a worldwide organisation, and I think there's much more that
>you can do with this than just block. For example, has anything figured
>out a way to tie this into logging rules, it would great to see which
>countries I'm being attacked from.
>
>
>
If you're dealing with "bad guys" you'd better invest in a Intrusion
prevention system...
start on a snort or prelude basis for example... then you'd be able to
adapt dynamically netfilter.
if you have to protect some data, authenticate your users/customers no
matter from which country they are.
grtx.
next prev parent reply other threads:[~2004-09-18 13:25 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-16 16:33 Blocking Netranges Based on IP-to-Country CSV Hudson Delbert J Contr 61 CS/SCBN
2004-09-17 11:46 ` Nick Drage
2004-09-18 13:25 ` Pascal Vilarem [this message]
2004-09-19 11:09 ` Nick Drage
2004-09-19 14:59 ` Alexis
2004-09-19 9:09 ` Mohamed Eldesoky
2004-09-19 11:01 ` Nick Drage
2004-09-19 11:17 ` Mohamed Eldesoky
2004-09-19 11:45 ` George Alexandru Dragoi
2004-09-20 11:53 ` Nick Drage
2004-09-20 12:06 ` Thomas Lußnig
2004-09-20 12:26 ` Chris Brenton
2004-09-20 13:20 ` George Alexandru Dragoi
2004-09-20 12:16 ` Chris Brenton
-- strict thread matches above, loose matches on Subject: below --
2004-09-20 13:57 nutbrownhares
2004-09-20 14:09 ` Jason Opperisano
2004-09-20 14:10 ` Alexis
2004-09-17 20:16 Hudson Delbert J Contr 61 CS/SCBN
2004-09-20 11:57 ` Nick Drage
2004-09-15 23:41 Gary & Mic McFall
2004-09-16 0:54 ` Frank Gruellich
2004-09-15 12:57 McFall, Gary
2004-09-16 14:16 ` Aleksandar Milivojevic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=414C375B.8080305@9online.fr \
--to=pvilarem-ml@9online.fr \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox