Security Incidents mailing list archives
Re: Determining the country of orgin for IP address(es)
From: Mally Mclane <mally () ripe net>
Date: Wed, 27 Feb 2002 09:39:12 +0100
hi, On 26/2/02 22:24, "Russell Fulton" <R.FULTON () auckland ac nz> wrote:
On Wed, 2002-02-27 at 08:36, Glenn Forbes Fleming Larratt wrote:It may have been the theory that IP ranges were geographically organized, but that's long since gone the way of all things. We considered blocking all of .kr, since for a time they were the leading source of portscans of our network, and got the following abridged results. I think you'll find that there are chunks per continent, delegated to RIPE, APNIC, or some South American registries, but that IP range<->nation mappings simply don't exist in a viable or useful way.I agree, when the "Korean problem" was at it's worst I was seriously worried that some people were going to naively block all of 210/7 because of the number of attacks coming from those two class /8s. Several major (by our standards ;-) NZ ISPs have address ranges in these blocks... Last time I looked there were several hundred address blocks allocated to NZ (pop 3.5 million) and I know there are chuncks of address space in use here that are allocated to global Telcos and no where is is recorded that the addresses aer in use in New Zealand.
People need to be really care and specific about what IP ranges they are going to block. Furthering the NZ example, our /8s are so geographically diverse, that blocking one /8 because it, for instance, contains a lot of russian spam, could also block of most of Europe..... Cheers, Mally Mclane RIPE NCC Operations Sent using the Entourage X Test Drive. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Determining the country of orgin for IP address(es) Brian Nichols (Feb 26)
- Re: Determining the country of orgin for IP address(es) Glenn Forbes Fleming Larratt (Feb 26)
- Re: Determining the country of orgin for IP address(es) Matthew Leeds (Feb 26)
- Re[2]: Determining the country of orgin for IP address(es) Rzac` (Feb 26)
- Re: Re[2]: Determining the country of orgin for IP address(es) Mally Mclane (Feb 27)
- Re: Determining the country of orgin for IP address(es) Russell Fulton (Feb 26)
- Re: Determining the country of orgin for IP address(es) Mally Mclane (Feb 27)
- <Possible follow-ups>
- Re: Determining the country of orgin for IP address(es) Neil Dickey (Feb 26)
- Re: Determining the country of orgin for IP address(es) Mally Mclane (Feb 27)
- RE: Determining the country of orgin for IP address(es) dendler (Feb 27)
- Re: Determining the country of orgin for IP address(es) Glenn Forbes Fleming Larratt (Feb 26)