|
Posted by Ken on April 12, 2005, 8:57 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hi John -
>Does anyone know of a way to easily block foreign subnets? i.e. I only
>want our firewall to answer to US based subnets. Our logs show that
>most attacks are coming from foreign sources. Ideally, I'd like to
>have them broken down by country, and I've found databases online for
>sale. Are there any reliable free subnet/country databases available?
>And, what are your thoughts on something like this?
You can get that information free from ARIN via FTP. ARIN is the
American Registry for Internet Numbers. They handle the allocation of
blocks of IP addresses to ISPs for the U.S., Canada, and some other
areas, but they also make available the information from the other
Regional Internet Registries.
FTP to ftp.arin.net
Go to /pub/stats
Go into the apnic, arin, lacnic, and ripencc directories and pick up
the most recent "delegated" file from each, selecting the large file
from each set (hundreds of thousands of bytes). Be sure to transfer
in ASCII mode as they are text files. They don't have an extension to
clue your FTP client to automatically select ASCII mode if it has that
capability.
--
Ken
http://www.ke9nr.net/
| 
XML site map