Discussion: Where’s the Best Place For Country Blocks?

June 12, 2009

In a scenario where your SMB or enterprise gets constantly bombarded (portscans, brute force, spam, etc.) by Russia, China, Brazil, et al., and where you don’t do business in these countries, where’s the best place to block them?

Here are a few options (add as necessary):

  • Border router ACL

  • Firewall ACL

  • Separate, dedicated appliance

  • Network IPS

  • Border router routing (blackholing)

This also assumes you can’t do a simple, tight whitelist ACL on the firewall (which would make the solution pretty easy) and instead have to blacklist specific networks, because there are a large number of legitimate foreign IP blocks.

Related: Do you guys blacklist at a granular level (hundreds or thousands of networks), or do you block only the few primary /8s?

What are your thoughts on the best method?
