Re: IP ranges used in North America, Hawaii, and Alaska?
- From: Alan Jones <alan@xxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 21:11:11 -0500
On Mon, 19 Dec 2005 19:40:59 -0600, ibuprofin@xxxxxxxxxxxxxxxxxxxxxx
(Moe Trin) wrote:
>On Mon, 19 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
><069eq1d59ahj4h9qpm179led8126r7foti@xxxxxxx>, Alan Jones wrote:
>
>>I'm allowing, inbound to port 25, only 'ARIN' controlled IP ranges.
>>As you know, ARIN serves North America.
>
>Not so.
>
>[compton ~]$ cat IP.ADDR/stats/ARIN | cut -d' ' -f1 | sort -u | column
>AG BB CH FI HU JP LC PR VG
>AI BE CZ FR IE KN LU SE VI
>AR BM DE GB IL KR NL SG
>AT BS DO GD IT KY NO TR
>AU CA ES HK JM LB PL US
>[compton ~]$
>
>Since when is Argentina (AR), Austria (AT), Australia (AU), Switzerland
>(CH), The Czech Republic (CZ), Germany (DE) and so on in North America?
I can only go by what ARIN says...
http://www.arin.net/community/ARINcountries.html
Even with some bleed-over, allowing only ARIN IPs has been a
'very' big help.
>>Any problems arising from that policy will be handled individually. Any
>>additional needed avenues will be opened up on a case-by-case basis.
>
>Do you really expect to get mail from all of the blocks in North America?
Probably not. Again, it will be handled on a case-by-case basis.
>>I just feel that is a more productive approach than trying to block
>>what seems to be an endless range of IPs from countries that
>>have no business viewing my web pages let alone connecting to
>>port 25.
>
>You may find it easier to use the Tactical Nuclear method of filtering.
>For example, if you don't expect US business like HP, GE, or IBM to
>want to connect, you can poke holes at 4.0.0.0/8, 8.0.0.0/8, 12.0.0.0/8,
>24.0.0.0/8 (but some of that block is used elsewhere)
I have those blocks allowed.
>[compton ~]$ grep -h ' 24\.' IP.ADDR/stats/[ALR]* | cut -d' ' -f1 | sort -u | column
>AR BS CA CL NL PR US
>[compton ~]$
>
>38.0.0.0/8, 46.0.0.0/7, 63.0.0.0/8, 64.0.0.0/4, 192.0.0.0/8 (again, lots
>of countries), 196.0.0.0/8, 198.0.0.0/7, (same problem), 204.0.0.0/6,
>208.0.0.0/7 and 216.0.0.0/8 while blocking or ignoring everything else.
Except for 192, I have those blocks allowed.
>You may wind up missing a lot - but that's your decision. But even with
>these Draconian rules, you're not going to block all "non North American"
>IPs.
Again, I believe fine-tuning on a case-by-case basis is more
productive than playing the never-ending deny hosts game.
'Tactical Nuclear' and 'Draconian' are how I describe spamming
and SSH attacks. Why should I play nice when they don't...
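
An added example, not part of the original thread or either poster's tooling: a Python audit that lists which registered country codes fall inside each allowlisted CIDR block, the same check the quoted `grep | cut | sort -u` pipeline does for 24.0.0.0/8. It assumes the pipe-separated RIR "delegated statistics" layout rather than the space-separated local files shown above; the sample records, the function names and the expected-country set are constructed for illustration.

```python
import ipaddress

# Constructed sample in the pipe-separated RIR "delegated statistics" layout
# (registry|cc|type|start|count|date|status). Not real allocation data.
SAMPLE_STATS = """\
2|arin|20051219|6|19830101|20051219|+0000
arin|*|ipv4|*|6|summary
arin|US|ipv4|4.0.0.0|16777216|19921201|allocated
arin|US|ipv4|24.0.0.0|524288|19960620|allocated
arin|CA|ipv4|24.64.0.0|524288|19960620|allocated
ripencc|NL|ipv4|24.132.0.0|131072|19970101|allocated
lacnic|AR|ipv4|24.232.0.0|65536|19980101|allocated
ripencc|DE|ipv4|62.0.0.0|65536|19970101|allocated
"""

def parse_stats(text):
    """Yield (registry, cc, first, last) as integers for each IPv4 record."""
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skips comments, the version header and the per-type summary lines.
        if len(fields) < 7 or fields[2] != "ipv4" or fields[1] in ("", "*"):
            continue
        first = int(ipaddress.IPv4Address(fields[3]))
        # For ipv4 records the fifth field is an address count, not a prefix.
        yield fields[0], fields[1], first, first + int(fields[4]) - 1

def audit_allowlist(cidrs, records):
    """Map each allowed CIDR to the sorted country codes registered inside it."""
    report = {}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects misaligned blocks
        lo, hi = int(net.network_address), int(net.broadcast_address)
        report[cidr] = sorted({cc for _, cc, first, last in records
                               if first <= hi and last >= lo})
    return report

def bleed_over(report, expected):
    """Keep only the CIDRs that contain country codes outside `expected`."""
    extra = {c: [cc for cc in ccs if cc not in expected] for c, ccs in report.items()}
    return {c: ccs for c, ccs in extra.items() if ccs}

if __name__ == "__main__":
    records = list(parse_stats(SAMPLE_STATS))
    report = audit_allowlist(["4.0.0.0/8", "24.0.0.0/8"], records)
    # The country code is where the block is registered, not where it is used.
    for cidr, ccs in bleed_over(report, {"US", "CA"}).items():
        print(cidr, "also contains:", " ".join(ccs))
```
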