Re: SF new article announcement: The great firewall of China
From: Kelly Martin (kel_at_securityfocus.com)
Date: Wed, 31 Aug 2005 20:05:35 -0400 To: Micheal Espinola Jr <firstname.lastname@example.org>
Micheal Espinola Jr wrote:
> Meh. This just goes with the standard security best practice: Block
> everything and allow only what you need.
> Do I block China? Yep. Korea? Yep. Russia? Yep. Etc, etc...
Does anyone know of an accurate list of IP address blocks mapped to
various countries? Doing a WHOIS after an attack or SSH brute-force
attempt is rather reactive... this whole approach doesn't make the
server any more secure, but 1) it limits the user of compromised
machines in large emerging economies as attack launching points, and 2)
it makes your logs much shorter and easier to read. :)