On Wed, 2002-02-27 at 08:36, Glenn Forbes Fleming Larratt wrote: > It may have been the theory that IP ranges were geographically organized, > but that's long since gone the way of all things. > > We considered blocking all of .kr, since for a time they were the leading > source of portscans of our network, and got the following abridged results. > > I think you'll find that there are chunks per continent, delegated to > RIPE, APNIC, or some South American registries, but that IP range<->nation > mappings simply don't exist in a viable or useful way. I agree, when the "Korean problem" was at it's worst I was seriously worried that some people were going to naively block all of 210/7 because of the number of attacks coming from those two class /8s. Several major (by our standards ;-) NZ ISPs have address ranges in these blocks... Last time I looked there were several hundred address blocks allocated to NZ (pop 3.5 million) and I know there are chuncks of address space in use here that are allocated to global Telcos and no where is is recorded that the addresses aer in use in New Zealand. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 15:38:02 PST