Snort mailing list archives
RE: OT: IP Blocks by country/region?
From: Tom Sevy <tsevy () epx com>
Date: Thu, 13 Jun 2002 14:18:39 -0400
We are thinking of blocking certain country source IP ranges. I agree that there is risk in this. Has anyone attempted to take the recommended block list from dshield.org and make an alert rule so that when traffic arrives from one of the nets listed it generates a message? See http://feeds.dshield.org/block.txt -----Original Message----- From: McCammon, Keith [mailto:Keith.McCammon () eadvancemed com] Sent: Thursday, June 13, 2002 2:13 PM To: Tom Sevy; Snort-Users eMail List (E-mail) Subject: RE: [Snort-users] OT: IP Blocks by country/region? I'm sure that there are any number of sites that provide these types of lists. However, I would hardly recommend proactive blocking based on such a list, as IP address assignment is purely administrative. IP address blocks are very commonly ported or redistributed to locations other than the location listed in the various registries. Granted, porting country-to-country is less common than company-to-company, but it is still done. Just my $.02... Keith -----Original Message----- From: Tom Sevy [mailto:tsevy () epx com] Sent: Thursday, June 13, 2002 1:53 PM To: Snort-Users eMail List (E-mail) Subject: [Snort-users] OT: IP Blocks by country/region? Does anyone know of a site that has listings (if such exist) that show what ip address blocks belong to what country or region? As you probably all see in your snort logs, there are a number of countries that seem to be common sources of unwanted traffic. If anyone can offer any suggestions, it would be appreciated. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT: IP Blocks by country/region? Tom Sevy (Jun 13)
- Re: OT: IP Blocks by country/region? Imran William Smith (Jun 13)
- <Possible follow-ups>
- RE: OT: IP Blocks by country/region? Hicks, John (Jun 13)
- RE: OT: IP Blocks by country/region? McCammon, Keith (Jun 13)
- RE: OT: IP Blocks by country/region? Tom Sevy (Jun 13)
- RE: OT: IP Blocks by country/region? Tony Carothers (Jun 13)