Comments on: Malicious Internet Activity The Top 10 Countries http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/ Security Solutions With Searchable IP Block Database Tue, 09 Feb 2010 22:25:43 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: admin http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-262 admin Tue, 08 Sep 2009 14:55:17 +0000 http://www.countryipblocks.net/?p=103#comment-262 <a href="#comment-260" rel="nofollow">@Josh</a> Josh: Thank you for addressing the problem. The links have been edited to resolve to the correct location. @Josh
Josh:

Thank you for addressing the problem. The links have been edited to resolve to the correct location.

]]> By: Josh http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-260 Josh Tue, 08 Sep 2009 00:55:19 +0000 http://www.countryipblocks.net/?p=103#comment-260 The links are pointing to http://www.remotetm.net/e_country_data/..... You can get the data by substituting the domain names manually. Still a pain though The links are pointing to http://www.remotetm.net/e_country_data/…..

You can get the data by substituting the domain names manually. Still a pain though

]]> By: admin http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-233 admin Fri, 28 Aug 2009 15:10:54 +0000 http://www.countryipblocks.net/?p=103#comment-233 All the IP Block text links are accurate. Please check that you are not using a cached page or the older links. Refresh your cache, update the links and try again. All the IP Block text links are accurate. Please check that you are not using a cached page or the older links. Refresh your cache, update the links and try again.

]]> By: MC http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-232 MC Fri, 28 Aug 2009 12:47:37 +0000 http://www.countryipblocks.net/?p=103#comment-232 Hi...none of the text links for IP ranges or .htaccess blocks work - can you update them? Hi…none of the text links for IP ranges or .htaccess blocks work – can you update them?

]]> By: Richard S. Westmoreland http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-209 Richard S. Westmoreland Tue, 11 Aug 2009 14:02:14 +0000 http://www.countryipblocks.net/?p=103#comment-209 You need to update your links, as they are still using remotetm.net. You need to update your links, as they are still using remotetm.net.

]]> By: Guilherme http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-148 Guilherme Mon, 06 Jul 2009 15:42:30 +0000 http://www.countryipblocks.net/?p=103#comment-148 Oh, thanks. This really helped me out. I've been having lots and lots of spam visitor from Ukraine, and now I just blocked all the IP span from this region. I hope I'll never have this intruders again. This top ten is great. Oh, thanks. This really helped me out. I’ve been having lots and lots of spam visitor from Ukraine, and now I just blocked all the IP span from this region. I hope I’ll never have this intruders again.
This top ten is great.

]]> By: Joe http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-15 Joe Sat, 16 May 2009 23:35:34 +0000 http://www.countryipblocks.net/?p=103#comment-15 Thank you for a great response. You are absolutely correct (unfortunately). After I wrote this request, I did some further digging on RIPENCC and Domain Tools. It certainly makes things quite difficult. I think my best answer at the moment is to only allow 'US' systems to connect. It's amazing how many spam form bots are out there. I really like the idea of aggregated lists and can't wait for it to come out. You guys have some really powerful tools here. Keep up the great work! Will definately consider a backlink to this site for other people who are in the same situation that I am. Thanks Thank you for a great response. You are absolutely correct (unfortunately). After I wrote this request, I did some further digging on RIPENCC and Domain Tools. It certainly makes things quite difficult. I think my best answer at the moment is to only allow ‘US’ systems to connect. It’s amazing how many spam form bots are out there.

I really like the idea of aggregated lists and can’t wait for it to come out. You guys have some really powerful tools here. Keep up the great work!

Will definately consider a backlink to this site for other people who are in the same situation that I am.

Thanks

]]> By: admin http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-14 admin Sat, 16 May 2009 16:02:20 +0000 http://www.countryipblocks.net/?p=103#comment-14 Joe: You have asked an excellent question. The answer to your question is yes and no. In the old days you might've been able to get away with a clean block on /8. But there is a problem with your request. First, while ARIN does have records pointing to 80.0.0.0/8 as the block for 80.67.6.226, ARIN is not the registrar. The correct registrar is RIPENCC. If you go to www.ripe.net and do a lookup on 80.67.6.226 you will see it actually belongs to 80.67.0.0/20 in Sweden not the Netherlands. It is further subnetted to 80.67.6.224/27. If we mask networks with /8's we will end up blocking several different countries with one mask. This is impractical for our current purposes. However, one of the things we are working on is an aggregated list for each country. This would significantly shorten all the lists. You still won't end up with /8's but the list size would shrink. We are also developing "whois" capabilities to allow you to narrow the real troublemaking networks down. Thanks for your great comments. We hope you continue to use our data and that you will invite friends to check us out. Oh, a backlink is always great! Joe:

You have asked an excellent question. The answer to your question is yes and no. In the old days you might’ve been able to get away with a clean block on /8. But there is a problem with your request. First, while ARIN does have records pointing to 80.0.0.0/8 as the block for 80.67.6.226, ARIN is not the registrar. The correct registrar is RIPENCC.

If you go to http://www.ripe.net and do a lookup on 80.67.6.226 you will see it actually belongs to 80.67.0.0/20 in Sweden not the Netherlands. It is further subnetted to 80.67.6.224/27.

If we mask networks with /8’s we will end up blocking several different countries with one mask. This is impractical for our current purposes.

However, one of the things we are working on is an aggregated list for each country. This would significantly shorten all the lists. You still won’t end up with /8’s but the list size would shrink. We are also developing “whois” capabilities to allow you to narrow the real troublemaking networks down.

Thanks for your great comments. We hope you continue to use our data and that you will invite friends to check us out. Oh, a backlink is always great!

]]> By: Joe http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/comment-page-1/#comment-13 Joe Sat, 16 May 2009 12:37:50 +0000 http://www.countryipblocks.net/?p=103#comment-13 I've used the country IP network tool for deny .htaccess and it's been very helpful. I also find the top 10 list interesting. My particular issue: the majority of malicious traffic today for me is from the Netherlands. Anyhow, I've noticed some issues, primarily in address not falling into country ranges. For example, I have an IP 80.67.6.226 hitting my site attempting form based attacks. A lookup on ARIN shows this as CIDR: 80.0.0.0/8, Country: NL. I ran this against the current list of IP Networks from Country IP Blocks tool (see list below) and found that it doesn't fall into any ranges. To make the .htaccess file a bit cleaner, smaller and faster, is there a possibility to option by masking with /8's where they are applicable? I've notcied quite a few IPs in the same situation as the one I listed above. Thanks for creating a great tool. -Joe deny from 80.56.0.0/15 deny from 80.60.0.0/15 deny from 80.64.240.0/20 deny from 80.65.96.0/20 deny from 80.65.112.0/20 deny from 80.69.64.0/20 deny from 80.69.80.0/20 deny from 80.69.160.0/20 deny from 80.73.128.0/20 deny from 80.79.32.0/20 deny from 80.79.96.0/20 deny from 80.79.192.0/20 deny from 80.84.224.0/20 deny from 80.84.240.0/20 deny from 80.85.32.0/20 deny from 80.85.128.0/20 deny from 80.85.160.0/20 deny from 80.89.224.0/20 deny from 80.94.64.0/20 deny from 80.95.160.0/20 deny from 80.100.0.0/15 deny from 80.112.0.0/17 deny from 80.112.128.0/18 deny from 80.112.192.0/18 deny from 80.113.0.0/16 deny from 80.114.0.0/17 deny from 80.114.128.0/18 deny from 80.114.192.0/18 deny from 80.115.0.0/17 deny from 80.115.128.0/18 deny from 80.115.224.0/19 deny from 80.126.0.0/15 deny from 80.242.96.0/20 deny from 80.242.224.0/20 deny from 80.242.240.0/20 deny from 80.246.176.0/20 deny from 80.246.192.0/20 deny from 80.247.128.0/20 deny from 80.247.144.0/20 deny from 80.247.160.0/20 deny from 80.247.192.0/20 deny from 80.247.208.0/20 deny from 80.248.32.0/20 deny from 80.252.80.0/20 deny from 80.255.240.0/20 I’ve used the country IP network tool for deny .htaccess and it’s been very helpful. I also find the top 10 list interesting. My particular issue: the majority of malicious traffic today for me is from the Netherlands. Anyhow, I’ve noticed some issues, primarily in address not falling into country ranges.

For example, I have an IP 80.67.6.226 hitting my site attempting form based attacks. A lookup on ARIN shows this as CIDR: 80.0.0.0/8, Country: NL. I ran this against the current list of IP Networks from Country IP Blocks tool (see list below) and found that it doesn’t fall into any ranges.

To make the .htaccess file a bit cleaner, smaller and faster, is there a possibility to option by masking with /8’s where they are applicable? I’ve notcied quite a few IPs in the same situation as the one I listed above.

Thanks for creating a great tool. -Joe

deny from 80.56.0.0/15
deny from 80.60.0.0/15
deny from 80.64.240.0/20
deny from 80.65.96.0/20
deny from 80.65.112.0/20
deny from 80.69.64.0/20
deny from 80.69.80.0/20
deny from 80.69.160.0/20
deny from 80.73.128.0/20
deny from 80.79.32.0/20
deny from 80.79.96.0/20
deny from 80.79.192.0/20
deny from 80.84.224.0/20
deny from 80.84.240.0/20
deny from 80.85.32.0/20
deny from 80.85.128.0/20
deny from 80.85.160.0/20
deny from 80.89.224.0/20
deny from 80.94.64.0/20
deny from 80.95.160.0/20
deny from 80.100.0.0/15
deny from 80.112.0.0/17
deny from 80.112.128.0/18
deny from 80.112.192.0/18
deny from 80.113.0.0/16
deny from 80.114.0.0/17
deny from 80.114.128.0/18
deny from 80.114.192.0/18
deny from 80.115.0.0/17
deny from 80.115.128.0/18
deny from 80.115.224.0/19
deny from 80.126.0.0/15
deny from 80.242.96.0/20
deny from 80.242.224.0/20
deny from 80.242.240.0/20
deny from 80.246.176.0/20
deny from 80.246.192.0/20
deny from 80.247.128.0/20
deny from 80.247.144.0/20
deny from 80.247.160.0/20
deny from 80.247.192.0/20
deny from 80.247.208.0/20
deny from 80.248.32.0/20
deny from 80.252.80.0/20
deny from 80.255.240.0/20

]]>