Security Basics mailing list archives

RE: SF new article announcement: The great firewall of China


From: "Brill, Sven A" <sbrill () kpmg com>
Date: Wed, 31 Aug 2005 21:28:07 -0400


Does anyone know of an accurate list of IP address blocks 
mapped to various countries? Doing a WHOIS after an attack or 
SSH brute-force attempt is rather reactive... this whole 
approach doesn't make the server any more secure, but 1) it 
limits the use of compromised machines in large emerging 
economies as attack launching points, and 2) it makes your 
logs much shorter and easier to read. :)


Sort of. It's not 100%, and it's not fool-proof. If you are sure that
you want to drop whole countries, check out http://www.ip-to-country.com/ .
The actual database is free to download as a CSV file here:
http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip ,
and from there you can either use it as-is, import it into a database,
or simply filter out the ranges you are interested in and drop them. 

Sven

--
Sven Brill
Information Risk Management
KPMG, LLP
99 High Street
Boston, MA 02110
Phone: 617-988-1629
Fax: 617-988-0890
Mobile: 617-803-9602 
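
The filtering step suggested in the reply above, as an added example that is not part of the original message: it pulls one country's ranges out of the CSV and converts them to the smallest set of CIDR blocks a firewall drop list can take. The column layout (first IP and last IP as integers, then the two-letter country code), the function name `country_cidrs`, the placeholder country codes and the sample rows (built from documentation address ranges) are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the assumed layout:
# "first IP as integer","last IP as integer","ISO2","ISO3","country name"
SAMPLE_CSV = '''"3325256704","3325256831","ZZ","ZZZ","EXAMPLELAND"
"3325256832","3325256959","ZZ","ZZZ","EXAMPLELAND"
"3405803784","3405803789","ZZ","ZZZ","EXAMPLELAND"
"3221225984","3221226239","YY","YYY","OTHERLAND"
"not-a-number","3405804031","ZZ","ZZZ","EXAMPLELAND"
'''


def country_cidrs(csv_text, iso2):
    """Return (collapsed IPv4 CIDR strings, skipped row count) for one country."""
    nets, skipped = [], 0
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 3:
            skipped += 1          # too few columns to carry a country code
            continue
        if row[2].strip().upper() != iso2.upper():
            continue
        try:
            first = ipaddress.IPv4Address(int(row[0]))
            last = ipaddress.IPv4Address(int(row[1]))
            # A range such as .8-.13 is not one CIDR block; split it exactly
            # so the rule never covers addresses outside the listed range.
            nets.extend(ipaddress.summarize_address_range(first, last))
        except ValueError:        # non-numeric, out of range, or first > last
            skipped += 1
    # Merge adjacent or overlapping blocks to keep the rule set short.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], skipped


if __name__ == "__main__":
    cidrs, skipped = country_cidrs(SAMPLE_CSV, "ZZ")
    for cidr in cidrs:
        print(cidr)               # one block per line, ready for a drop list
    print(f"# skipped {skipped} malformed row(s)")
```

Rows that fail to parse are counted rather than silently dropped, so a change in the download's format shows up as a non-zero skip count instead of an empty block list.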





