Re: Blocking Netranges Based on IP-to-Country CSV


 



my 2 cts :

Nick Drage wrote:

On Thu, Sep 16, 2004 at 09:33:03AM -0700, Hudson Delbert J Contr 61 CS/SCBN wrote:


why do this ?



There's a good set of reasons on:

http://ip-to-country.webhosting.info/



good set of reasons... but none of these is a good reason :-)

seems a bit nasty in nature.



Depends how you use the information. And to be honest considering the reputation of some sources of traffic, such as Korea and South America, which might be unlikely to have legitimate connections to your site, it would be handy to block them all.



let me disagree... you're gonna drop everybody from one country... most of them are inoffensive...
and more : the really bad guys will just have to hack a good looking computer in a "good" country.
And then they will bypass this miraculous system...


You will just FEEL safe but you won't be at all... and you'll just hit everybody but your "target" :-\

It IS a bit nasty... and more: it is blind, ineffective.

we don't even do this sort of thing? see email addy...



But you're a worldwide organisation, and I think there's much more that you can do with this than just block. For example, has anyone figured out a way to tie this into logging rules? It would be great to see which countries I'm being attacked from.



If you're dealing with "bad guys" you'd better invest in an intrusion prevention system...
start on a Snort or Prelude basis for example... then you'd be able to adapt netfilter dynamically.


if you have to protect some data, authenticate your users/customers no matter which country they are from.

grtx.
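
The per-country logging idea raised in the thread, as an added sketch that is not part of the original messages: it tallies the `SRC=` addresses from netfilter LOG lines by country using an IP range table. The CSV column layout (`from,to,cc2,cc3,name` with decimal IPv4 bounds), the sample ranges, the placeholder country codes and the log lines are all constructed assumptions.

```python
import bisect, csv, io, ipaddress, re
from collections import Counter

# Constructed sample. Assumed CSV layout: "from","to","cc2","cc3","name",
# with range bounds as decimal IPv4 integers. Ranges are RFC 5737
# documentation networks; the country codes are placeholders.
SAMPLE_CSV = '''"3221225984","3221226239","AA","AAA","EXAMPLE-A"
"3325256704","3325256959","BB","BBB","EXAMPLE-B"
"3405803776","3405804031","CC","CCC","EXAMPLE-C"
'''
# Constructed kernel log lines in the style of the netfilter LOG target.
SAMPLE_LOG = [
    "Sep 16 10:00:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.1 PROTO=TCP DPT=22",
    "Sep 16 10:00:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=10.0.0.1 PROTO=TCP DPT=22",
    "Sep 16 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.1 PROTO=UDP DPT=53",
    "Sep 16 10:00:04 fw kernel: IN=eth0 OUT= SRC=10.9.9.9 DST=10.0.0.1 PROTO=TCP DPT=80",
    "Sep 16 10:00:05 fw sshd[99]: unrelated line without a source field",
]
SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")

def load_ranges(text):
    """Return (sorted range starts, sorted (start, end, cc) rows)."""
    rows = sorted((int(r[0]), int(r[1]), r[2])
                  for r in csv.reader(io.StringIO(text))
                  if len(r) >= 3 and r[0].isdigit() and r[1].isdigit())
    return [r[0] for r in rows], rows

def country_of(ip, starts, rows):
    """Binary-search the range table; '??' means unparsable or not covered."""
    try:
        n = int(ipaddress.IPv4Address(ip))
    except ipaddress.AddressValueError:
        return "??"
    i = bisect.bisect_right(starts, n) - 1
    if i >= 0 and rows[i][0] <= n <= rows[i][1]:
        return rows[i][2]
    return "??"

def tally(log_lines, starts, rows):
    """Count logged packets per country code, skipping lines with no SRC=."""
    counts = Counter()
    for line in log_lines:
        m = SRC_RE.search(line)
        if m:
            counts[country_of(m.group(1), starts, rows)] += 1
    return counts

if __name__ == "__main__":
    for cc, n in tally(SAMPLE_LOG, *load_ranges(SAMPLE_CSV)).most_common():
        print(cc, n)
```

The `??` bucket matters when reading the result: private, unallocated or simply unlisted addresses land there, and a country code only says where the sending address is registered, not who is behind it.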


