Re: Blocking Netranges Based on IP-to-Country CSV

On Mon, 2004-09-20 at 07:53, Nick Drage wrote:
>
> > So, what's the reason for banning some countries?
> 
> Imagine I'm going travelling, and I know I'm only going to South
> America, so I
> want to open up my ssh daemon to more addresses.  However I don't want
> to permit the entire Internet to have a go at the daemon, but I'm
> willing to open it up to South America to increase the risk slightly
> in return for permitting myself SSH access wherever I am.

Well said. I find it kind of strange that people are cool with blocking
ranges of ports, but as soon as you get into blocking ranges of IP
addresses they get squeamish and may even label you a bigot.

It's simply a matter of risk vs. business need. My business model
requires an SMTP server so I accept the risk of exposing that port to
Internet access. My business model *does not* require NetBIOS/IP, so
those ports are obviously blocked. Why accept the risk involved if there
is no business argument for it?

Blocking IP ranges is exactly the same thing. If I do business in
Canada, the UK, etc., then obviously I have to accept the risk of
exposing my services to those IP blocks. If I don't do business in China
and know I never will, what's the point in accepting the risk of attack
from that country?

Cheers,
Chris



