However, they were NOT able to reach any of the email servers, web_servers and the IP(s) got put into the Firewall Appliance!

I use this site almost everyday, it has saved the email servers from these malicious attacks that the iptables had no problem dropping their connection so they get ‘dead air’.

The damage they could have done to the email server(s), by trying to fill up the queue or brute_forcing the Linux boxes.

As one person noted Vietnam is horrible, but I am finding the Russian Federation/India/China to all be in the same league of polluted sewer traffic.

I wish they could have their own network, segregated out so they could enjoy spamming/hacking/DoS_attacks to themselves.

Keep up the EXCELLENT work!

The content fields will appear as: status (add/drop)|country name|ISO code|network address|number of hosts. An example of this is data produced on January 5, 2011 appearing below.

drop|EUROPEAN UNION|EU|188.0.0.0|65536
drop|UKRAINE|UA|195.49.200.0|2048
drop|GERMANY|DE|195.149.117.0|256
drop|UNITED STATES|US|198.15.4.0|1024
drop|UNITED STATES|US|198.252.206.0|256
add|UNITED STATES|US|50.74.0.0|131072
add|UNITED STATES|US|199.68.152.0|1024
add|UNITED STATES|US|199.68.160.0|2048
add|UNITED STATES|US|199.68.168.0|2048
add|UNITED STATES|US|204.126.204.0|512
add|UNITED STATES|US|204.136.10.0|512
add|UNITED STATES|US|204.137.26.0|512
add|UNITED STATES|US|204.155.95.0|256
add|UNITED STATES|US|204.156.121.0|256
add|UNITED STATES|US|204.174.0.0|256
add|CANADA|CA|209.145.192.0|16384
add|UNITED STATES|US|216.238.32.0|8192
add|CHINA|CN|101.196.0.0|262144
add|CHINA|CN|122.188.0.0|262144
add|HONG KONG|HK|125.254.52.0|1024
add|NEW ZEALAND|NZ|202.50.85.0|256
add|AUSTRALIA|AU|203.57.192.0|512
add|CZECH REPUBLIC|CZ|46.174.152.0|2048
add|CZECH REPUBLIC|CZ|46.174.160.0|2048
add|SPAIN|ES|46.255.184.0|2048
add|CZECH REPUBLIC|CZ|91.221.246.0|512
add|EUROPEAN UNION|EU|188.66.48.0|4096
add|IRAN, ISLAMIC REPUBLIC OF|IR|195.20.136.0|256
add|CZECH REPUBLIC|CZ|195.20.137.0|256
add|POLAND|PL|195.20.138.0|256
add|EUROPEAN UNION|EU|195.49.200.0|2048
add|ARGENTINA|AR|181.16.0.0|16384
add|NETHERLANDS ANTILLES|AN|186.190.232.0|1024
add|UGANDA|UG|41.75.160.0|4096
add|MALAWI|MW|41.77.8.0|2048
add|SUDAN|SD|197.254.192.0|16384

Stewart White :

Stewart said: “…found in the 75.0.0.0/10 block.”

OK I just figured out CIDR numbering : ) How certain is it that the list does contain *all* U.S. IPs though?

Stewart said: “Can you clarify your question?”

Just what you explained, that some of the /8 blocks that the IANA chart shows assigned to ARIN, etc. may not just be for those regions anymore. But I’d be interested in whether there might still be some big distribution patterns that could contain all US/Canada IP’s while excluding most/all of the rest of the world.

One thing I did notice is that the database seems to have adjacent blocks that could be merged. For example in looking at the 75.xxx.xxx.xxx section (US allow-only list), it looks like the 68 current “allow” lines could (possibly?) be merged into just “75/8″.

Thanks

As for the general issue you mention, 75.36.xxx.xxx is listed on the US list. This network is found in the 75.0.0.0/10 block.

Years ago you may have been able to allow/block countries using “giant” blocks. Unfortunately, current country assignations no longer consist of continuous or contiguous networks. In many cases there are small and large networks from various countries that break up the continuity. Therefore, relying on monster sized blocks my create unforseen circumstances.

Has ARIN redistributed some of its assigned IP blocks to other regions or something??

Can you clarify your question?

A general issue I just found is that (if I’m not mistaken) a rotating IP I myself had today from ATT in California is not on the US list — 75.36.xxx.xxx range. That seems to make an “allow US only” approach unusable. (You might warn people of this and recommend only using “exclude” instead.)

Getting back to my concept of “coarser” ranges, is there some reason why even giant blocks like this can’t be used, if you for example just want to block anything outside ARIN (US/Canada)?:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

Has ARIN redistributed some of its assigned IP blocks to other regions or something??

We are getting close to releasing a php/mysql application that will allow you to select the ranges you want to deny/allow and then respond as needed. We may have a beta version available in a few days. Is this something you would be interested in?

What would be useful as an alternative is a coarser approach using larger ranges of IP’s that will allow/block “most” of what you’re trying to do without worrying about being absolute.

I’d personally like a coarse list that will intentionally allow all US/Canada IP’s (this must be certain), while blocking as much of the rest of the world as possible. IP’s from Western Europe/Australia/NZ/Japan OK to let in as efficiency dictates. A target of like maybe 1000 IP ranges listed in total in the htaccess file.

With a few versions expanding this to Western Europe, etc. and the needs of most administrators could be met. If Mongolia gets blocked along with Nigeria not a crisis for a US celebrity gossip blog.

Similarly, if you had a weekly “delta changes” file that would be nice. Something conceptually similar to a weekly backup and daily differential. That way I only have to download the diffs, and hopefully reduce the burden on your webserver.

Overall, thanks for a great service! It is a real PITA to do this anywhere else.

I get daily visits from india and pakistan and recenly had issues with copyied content from sites designed in those countires and Im getting fed up with it.