> For me it was on 9/11/01. At 3:00 PM EST I started seeing a > semi-coordinated attack against one of my clients (incidents.org) that > involved hundreds of .cn source IP addresses. After 12 hours of chasing > IDS & log detects, my choices where: > > 1) ban the whole country > 2) not go home Hi, We (like most people) have talked about blocking certain ranges at our firewall for the reasons already discussed. My concern is that we are introducing a form of prejudice into the Internet. i.e. if you come from crountry X then you aren't allowed in, regardless of whether your intentions are freindly or hostile. If you had a physical shop, it would be pretty dodgy if you stopped certain people from entering the shop just because they looked like they came from a particular geographical area of the world (I think that's called racism) While I agree, that some net-blocks are a source of alot of hostile traffic. Is it really fair to block all users from those netblocks? If there's any country that can benefit from the freedom of information that the internet offers it would have to be countries like China, and yet many of us are actively restricting what information that have access to. Perhaps we should be focusing on building our server infrastructure to better withstand attacks rather than sheepishly blocking address ranges at the perimeter? This is not an attack against your ideas, but I'd like your comments, cause I'm uncertain as to what is right or wrong here. Regards Ken
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 16:37:41 PDT