Re: banning foreign Internet Providers

On Wed, 24 Jun 2009, in the Usenet newsgroup alt.os.linux, in article
<3b990248-7daf-4039-a1ed-4666e9e3f8a1@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Dave Kelly wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

In an effort to curtail the current spam attacks I was wondering if
I could ban all IPs and only allow those in a 200 mile radis.

HIGHLY unlikely. A slightly simpler solution is to "ban" everyone
by default, allowing only connections from specific white-listed
addresses or address ranges. Good luck.

Where do I go to find how the world is divided by IP regions?

It's not. See http://www.iana.org/assignments/ipv4-address-space
Google says you are posting from 71.2.179.68 which belongs to
Sprint DSL Networks. 71.0.0.0/8 is only _registered_ to entities
based in Canada and the USA - but what about... 64.0.0.0/8 or
66.0.0.0/8?

[compton ~]$ zgrep -h ' 64\.' IP.ADDR/stats/[ALR]* | cut -c1-2 |
sort -u | column
AU BS DO LS PR US
BB CA JP NO TT
[compton ~]$ ^64^66
zgrep -h ' 66\.' IP.ADDR/stats/[ALR]* | cut -c1-2 | sort -u | column
AR CA DO PR VI
BM CO JM US ZA
[compton ~]$

Know your ISO-3166 country codes? The other key to think about is
that word "registered". The company I work for is large, and if you
look at the whois data you'd see a New York state address - but if
you were to traceroute, the last addresses you'd see before the
black hole of our perimeter firewall are routers near San Francisco
about 2500 miles away - yet I'm near Phoenix, Arizona, and the subnet
either side of mine are in Japan and France. Register data has
nothing to do with the actual physical location of any/all addresses.

The five Regional Internet Registries noted on the web page above
have a total of 95997 IPv4 networks (and 3450 IPv6) in their databases
as of a week ago. Address blocks are not allocated/assigned on any
basis that makes blocking by country or even by region "easy".

Old guy
.

Relevant Pages

  • Re: Cant view merge agent properties (trying again)
    ... The managers ... of that team are on that alias and will get back to you fairly quickly. ... When you successfully register we attempt to popup a page with more ... posting using is, not the address you used for this post. ...
    (microsoft.public.sqlserver.replication)
  • Re: SATA exceptions with 2.6.20-rc5
    ... Right now when switching between ADMA mode and legacy mode (i.e. when going from doing normal DMA reads/writes to doing a FLUSH CACHE) we just set the ADMA GO register bit appropriately and continue with no delay. ... Rationale being that if it is a write posting ...
    (Linux-Kernel)
  • Re: Obama draft registration hoax
    ... Because as I understand it, anyone who is 18 years of age, whenObama ... person who does not register has broken the law. ... posting was in September. ... And the major media would have been ...
    (soc.retirement)
  • Re: Obama draft registration hoax
    ... Because as I understand it, anyone who is 18 years of age, whenObama ... person who does not register has broken the law. ... posting was in September. ... And the major media would have been ...
    (soc.retirement)