[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AW: [cobalt-users] dip.t-dialin.net IP Range
- Subject: Re: AW: [cobalt-users] dip.t-dialin.net IP Range
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Tue May 1 01:37:25 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Wayne Sagar" <wsagar@xxxxxxxx> wrote:
> Thanks... So then, what's the rub for adding complete countries to the
> hosts.deny file? We would only be disallowing anyone in those countries
> from using services we did not want used.
>
> Seems a good way to do it..
I don't think it will be possible to find the IP ranges for an entire
country, but you could probably find most of the IP ranges for the ISPs in a
country using methods described earlier in this thread by others. If you're
having problems with scans from Japan (I think you mentioned Asia, I'm not
singling out Japan in particular) it's not as simple as plopping 'ALL: .jp'
in hosts.deny. Also, keep in mind that any hacker / script kiddie that can
get access to a machine that isn't blocked from your server will be able to
circumnavigate the fact that they might be connected to that machine from an
IP you've blocked. In other words, anyone with the skills to hack your
server (assuming there's a vulnerability) or initiate a DOS will be able to
as long your server is connected to the internet. I'm not saying it doesn't
make sense to actively take steps to block access to potential threats, but
I want everyone reading this to be aware that there's no magic bullet.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/