Re: Determining the country of origin for IP address(es)

From: Mally Mclane (mallyat_private)
Date: Wed Feb 27 2002 - 00:39:12 PST


    hi,
    
    On 26/2/02 22:24, "Russell Fulton" <R.FULTONat_private> wrote:
    
    > On Wed, 2002-02-27 at 08:36, Glenn Forbes Fleming Larratt wrote:
    >> It may have been the theory that IP ranges were geographically organized,
    >> but that's long since gone the way of all things.
    >> 
    >> We considered blocking all of .kr, since for a time they were the leading
    >> source of portscans of our network, and got the following abridged results.
    >> 
    >> I think you'll find that there are chunks per continent, delegated to
    >> RIPE, APNIC, or some South American registries, but that IP range<->nation
    >> mappings simply don't exist in a viable or useful way.
    > 
    > I agree, when the "Korean problem" was at its worst I was seriously
    > worried that some people were going to naively block all of 210/7
    > because of the number of attacks coming from those two class /8s.
    > Several major (by our standards ;-) NZ ISPs have address ranges in these
    > blocks...
    > 
    > Last time I looked there were several hundred address blocks allocated
    > to NZ (pop 3.5 million) and I know there are chunks of address space in
    > use here that are allocated to global Telcos and nowhere is it recorded
    > that the addresses are in use in New Zealand.
    
    People need to be really careful and specific about what IP ranges they are
    going to block. Furthering the NZ example, our /8s are so geographically
    diverse, that blocking one /8 because it, for instance, contains a lot of
    Russian spam, could also block off most of Europe.....
    
    
    Cheers,
    
    
    Mally Mclane
    RIPE NCC Operations
    
    Sent using the Entourage X Test Drive.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
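
As an added example, not part of the original message: a check of how many addresses per country a broad block such as 210/7 would cover, run before deploying it. The delegation records are constructed and only follow the pipe-separated layout of the RIR delegated statistics files; the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample records in the layout of the RIR "delegated" statistics
# files: registry|cc|type|start|count|date|status. Ranges and country codes
# are invented for illustration and are not real allocations.
SAMPLE_DELEGATIONS = """\
apnic|KR|ipv4|210.90.0.0|131072|19970101|allocated
apnic|NZ|ipv4|210.48.0.0|65536|19970101|allocated
apnic|JP|ipv4|211.0.0.0|262144|19980101|allocated
apnic|KR|ipv4|211.32.0.0|524288|19980101|allocated
apnic|AU|ipv4|203.0.0.0|65536|19950101|allocated
"""

def parse_delegations(text):
    """Yield (country, first_ip_int, last_ip_int) for each ipv4 record."""
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[2] != "ipv4":
            continue  # skip headers, summaries, asn and ipv6 records
        start = int(ipaddress.IPv4Address(fields[3]))
        yield fields[1], start, start + int(fields[4]) - 1

def collateral(block, delegations_text, intended_cc):
    """Count addresses inside `block` per country and split them into
    intended hits and collateral (every other country)."""
    net = ipaddress.ip_network(block, strict=True)
    lo, hi = int(net.network_address), int(net.broadcast_address)
    per_cc = Counter()
    for cc, first, last in parse_delegations(delegations_text):
        overlap = min(hi, last) - max(lo, first) + 1
        if overlap > 0:  # the delegation intersects the proposed block
            per_cc[cc] += overlap
    intended = per_cc.get(intended_cc, 0)
    return {
        "per_country": dict(per_cc),
        "intended": intended,
        "collateral": sum(per_cc.values()) - intended,
    }

if __name__ == "__main__":
    print(collateral("210.0.0.0/7", SAMPLE_DELEGATIONS, "KR"))
```
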
    



    This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 13:01:04 PST