[Snort-users] OT: IP Blocks by country/region?

Tom Sevy tsevy at ...1701...
Thu Jun 13 11:20:06 EDT 2002

We are thinking of blocking certain country source IP ranges.

I agree that there is risk in this.

Has anyone attempted to take the recommended block list from dshield.org and
make an alert rule so that when traffic arrives from one of the nets listed
it generates a message?

See http://feeds.dshield.org/block.txt 

-----Original Message-----
From: McCammon, Keith [mailto:Keith.McCammon at ...3497...]
Sent: Thursday, June 13, 2002 2:13 PM
To: Tom Sevy; Snort-Users eMail List (E-mail)
Subject: RE: [Snort-users] OT: IP Blocks by country/region?

I'm sure that there are any number of sites that provide these types of
lists.  However, I would hardly recommend proactive blocking based on such a
list, as IP address assignment is purely administrative.  IP address blocks
are very commonly ported or redistributed to locations other than the
location listed in the various registries.  Granted, porting
country-to-country is less common than company-to-company, but it is still

Just my $.02...


-----Original Message-----
From: Tom Sevy [mailto:tsevy at ...1701...]
Sent: Thursday, June 13, 2002 1:53 PM
To: Snort-Users eMail List (E-mail)
Subject: [Snort-users] OT: IP Blocks by country/region?

Does anyone know of a site that has listings (if such exist) that show what
IP address blocks belong to what country or region?

As you probably all see in your snort logs, there are a number of countries
that seem to be common sources of unwanted traffic.  

If anyone can offer any suggestions, it would be appreciated.
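
The question at the top of the thread, turning a published block list into alert rules rather than blocks, can be sketched as follows. This is an added example, not code from any poster in the thread or from DShield or Snort. It assumes the list is tab-separated with start address, end address and prefix length as the first three columns, that $HOME_NET is defined in snort.conf, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the assumed layout (tab-separated: start, end,
# prefix length, ...). Addresses are documentation ranges, not real data.
SAMPLE_BLOCKLIST = (
    "# constructed sample, not real DShield data\n"
    "Start\tEnd\tNetmask\tAttacks\n"
    "192.0.2.0\t192.0.2.255\t24\t1500\n"
    "198.51.100.0\t198.51.100.255\t24\t900\n"
    "198.51.100.7\t198.51.100.255\t24\t10\n"   # host bits set: rejected
    "not-an-ip\t\t24\t1\n"                       # malformed: rejected
    "192.0.2.0\t192.0.2.255\t24\t1500\n"       # duplicate: emitted once
)

def parse_blocklist(text):
    """Return the unique, valid networks in the list, in file order."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 3:
            continue
        try:
            # strict=True refuses entries whose start is not the network address
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=True)
        except ValueError:
            continue  # header row or malformed entry
        if net not in nets:
            nets.append(net)
    return nets

def to_snort_rules(nets, first_sid=1000001, dst="$HOME_NET"):
    """One alert rule per network; sids from 1000000 up are for local rules."""
    rules = []
    for offset, net in enumerate(nets):
        rules.append(
            f'alert ip {net} any -> {dst} any '
            f'(msg:"Traffic from DShield block list net {net}"; '
            f'sid:{first_sid + offset}; rev:1;)'
        )
    return rules

if __name__ == "__main__":
    print("\n".join(to_snort_rules(parse_blocklist(SAMPLE_BLOCKLIST))))
```

Because the rules only alert, a stale or reassigned range in the list produces a log entry to review rather than dropped traffic.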

