Security Basics mailing list archives
RE: SF new article announcement: The great firewall of China
From: "Brill, Sven A" <sbrill () kpmg com>
Date: Wed, 31 Aug 2005 21:28:07 -0400
Does anyone know of an accurate list of IP address blocks mapped to various countries? Doing a WHOIS after an attack or SSH brute-force attempt is rather reactive... this whole approach doesn't make the server any more secure, but 1) it limits the user of compromised machines in large emerging economies as attack launching points, and 2) it makes your logs much shorter and easier to read. :)
Sort of. It's not 100%, and it's not fool-proof. If you are sure that you want to drop whole countries, check it http://www.ip-to-country.com/ . The actual database is free to download as a CSV file here: http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip , and from there you can either use it as-is, import it into a database, or simply filter out the ranges you are interested in and drop them. Sven -- Sven Brill Information Risk Management KPMG, LLP 99 High Street Boston, MA 02110 Phone: 617-988-1629 Fax: 617-988-0890 Mobile: 617-803-9602 ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. *****************************************************************************
Current thread:
- RE: SF new article announcement: The great firewall of China Brill, Sven A (Sep 01)