General discussion

Locked

Blocking entire countries

By TechStop ·
If I wanted to block an entire country from being able to access my network, is there a way to do this?

That is, does anyone know if there are specific allocations of IP blocks which, if I blocked them, would effectively prevent all computers from a specific country from contacting me?

Specifically, I would like to be able to block all of Korea and/or all of Brazil, as two examples. I'm pretty sure you can catch all of Brazil (although you probably get most of South America with it) by blocking 200.0.0.0/8. But what about Korea?

It's also important (and here Brazil is a bummer) to be able to block the country without blocking other countries, or at least huge chunks of other countries. For example, I don't like blocking 200.0.0.0/8 because it catches other S.A. countries.

I'm tired of addresses that don't resolve being used to attack my computers. And most seem to originate in those two countries when I finally track them down. I'm talking firewall blocking, btw, not just e-mail.

Thanks, in advance.

P.S. Points only given for actual solutions. If you make a suggestion, and after a few days of watching (which is all it should take, as often as this happens) it works, I will award points and close the question.

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Blocking entire countries

by edelaurelle In reply to Blocking entire countries

I am currently blocking APNIC by dropping packets to and from 211.0.0.0/8, 210.0.0.0/8, 203.0.0.0/8, and 202.0.0.0/8. This works fine for me. These IPs are notorious for scanning.

Collapse -

Blocking entire countries

by TechStop In reply to Blocking entire countries

Lizzy's answer was exactly on target. I'm grateful that you took the time to answer. While I appreciate your answer, it only mentions a few blocks that belong to the APNIC, without providing the ability to block specific areas. I do thank you fortaking the time, though.

Collapse -

Blocking entire countries

by TechStop In reply to Blocking entire countries

edelaurelle: First, let me say thanks. The question I was asking though is if there's a way to target specific countries and _know_ what you're getting. If no one else posts any response to that question by Friday, Sept 6, I will close the question and give all the points to you. But the actual question was about maybe finding a list or an Internet site or some way of knowing how to block specific countries. Getting the APNIC might be a good start, I suppose, but what if I only want to block Korea and Brazil?

Collapse -

Blocking entire countries

by Joseph Moore In reply to Blocking entire countries

The Korea Network Information Center (krnic.net) is the official registrar for all .KR domains. At their web site, they have an Internet Statistics page, which lists statistics for .KR domains, their usage, etc.
One interesting they have is a downloadable Excel spreadsheet, with all kinds of statistics. As of July 2002, 414 AS numbers have been assigned in under the .KR top-level domain, and over 24 million IP addresses have been assigned. See? Stuff like that!
Well, I am pointing this out toyou because one of the things they have is a page of each 2nd level domain, and the total IPs that have been assigned for each one.
The thing for you is, it lists EVERY single 2nd-level domain that comes out of Korea. Here is the list:

co.kr
re.kr
ne.kr
or.kr
pe.kr
go.kr
seoul.kr
gyeounggi.kr
kyonggi.kr
incheon.kr
gangwon.kr
kangwon.kr
chungbuk.kr
chungnam.kr
daejeon.kr
taejon.kr
gyeongbuk.kr
kyongbuk.kr
gyeongnam.kr
kyongnam.kr
daegu.kr
taegu.kr
busan.kr
pusan.kr
jeonbuk.kr
chonbuk.kr
jeonnam.kr
chonnam.kr
gwangju.kr
kwangju.kr
ulsan.kr
jeju.kr
cheju.kr
kg.kr
es.kr
ms.kr
hs.kr
sc.kr
ac.kr

Collapse -

Blocking entire countries

by Joseph Moore In reply to Blocking entire countries

My suggestion to you is to block any/all IPs that resolve to any of these 2nd-level domains.

hope this helps

Collapse -

Blocking entire countries

by Joseph Moore In reply to Blocking entire countries

The link to this spreadsheet is here:
http://stat.nic.or.kr/english/domain.html

Click the EXCEL FILE DOWNLOAD link on the left.

Collapse -

Blocking entire countries

by TechStop In reply to Blocking entire countries

This is a partial answer to what I was looking for. Lizzy hit it on the nail with the next answer. But I didn't want to NOT give points to other people who actually had decent answers, too. Thanks!

Collapse -

Blocking entire countries

by Lizzy In reply to Blocking entire countries

I found this back around 5\2\02:

http://www.idefense.com/Intell/CI022702.html

(No spaces in the URL)
It starts out by saying
"Country-to-IP Address Mappings Compiled

In the wake of the Sept. 11 terrorist attacks, iDEFENSE compiled a list of IP addresses mapped to countries that the US Department of State identified as harboring terrorists. Such lists may be useful to network administrators when trying to determine the source of network traffic. Following that report, iDEFENSE received requests from several clients asking for specific countries not included on the State Department's list. This expanded list of 80 countries includes most of those requested and other adjacent countries.

Inclusion on this list does not in any waysuggest there's terrorist or hacker activities in these countries.

iDEFENSE Labs spidered and sorted the IP address allocation information from the American Registry for Internet Numbers at http://www.arin.net, the Asia Pacific Network Information Centre at http://www.apnic.net and RIPE Network Coordination Centre at http://www.ripe.net to compile a range of IP addresses associated with as many countries that our customers have requested as possible.

Some countries such as Afghanistan, Iraq, North Korean, Panama and Sudan do not have enough publicly registered information to generate these lists. The United States list is also unavailable due to its nonstandard allocation patterns."

This site looks like what you will want. Hope this helps.

Collapse -

Blocking entire countries

by TechStop In reply to Blocking entire countries

Now THIS is EXACTLY what I was looking to find! THANK YOU!

Collapse -

Blocking entire countries

by TechStop In reply to Blocking entire countries

This question was closed by the author

Back to Security Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums