Bugtraq mailing list archives
RE: Country by Country ISA Computer Sets
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Sat, 19 Jan 2008 10:41:04 -0800
There is nothing irrational about identifying the source of unwanted traffic, qualifying what is or isn't malicious, and then taking whatever action you feel is appropriate. If there is no reason (business, personal, or otherwise) for traffic from the US or the UK to be reaching your network, then by all means block all of it if that is what you choose to do. If you re-read my post, you'll see that the purpose for the sets is for people to make *educated* decisions regarding what they may choose to block and from where. In my case (and cases where colleagues tested this) blocking all SMTP from China resulted in a dramatic (not just "noticeable") reduction in overall SPAM. In the case of the site that I own (HoG) I decided to actually block ALL traffic from China across the board. Does this mean that some people who legitimately want to view Hammer of God content will blocked? Yep. Sure does - but that is my choice to make. I don't get emails from people in China, so SMTP is no problem. My web traffic gets logged in SQL as well - and I have looked for valid requests there as well, and have not seen any - so I think it is a perfectly valid action *for me*. It obviously isn't for other people, but at least they can make their own decisions of what to block (or allow) from where. Nowhere did I say "you need to block all traffic from these countries." I simply said "here are pre-constructed IP sets by country for you to use to make educated and informed decisions of what to do for your network." There's nothing irrational about that. t
-----Original Message----- From: Paa.listas [mailto:paa.listas () gmail com] Sent: Saturday, January 19, 2008 3:19 AM To: Thor (Hammer of God); bugtraq () securityfocus com Subject: RE: Country by Country ISA Computer Sets Hello, Most of the attacks to my network come from USA and UK. Do I
need
to deny all access from those countries? I think that the simple idea is irrational. I should block _attacks_ from those countries, inform the IP owners(ISP), and keep my network secure (it is the least that I can do) nothing
more
against those (or any other) country. That is what I think. :) Saludos. Pablo.
Current thread:
- Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 15)
- Message not available
- Re: Country by Country ISA Computer Sets The Fungi (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
- Re: Country by Country ISA Computer Sets Richard Powell (Jan 18)
- Re: Country by Country ISA Computer Sets The Fungi (Jan 18)
- Message not available
- Re: Country by Country ISA Computer Sets GomoR (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 18)
- Message not available
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 21)
- RE: Country by Country ISA Computer Sets Jim Harrison (Jan 22)
- RE: Country by Country ISA Computer Sets Thor (Hammer of God) (Jan 21)