Title: Message
I'm talking about creating a list of narrowed ranges
that conduct dictionary attacks.
Chuck Schick wrote:
If you are talking about blocking entire class
A's, I would not recommend it. The 24.0.0.0/8 contains a lot of
comcast IPs so if you have customers that use a comcast connection you
could block them. The other IPs you mention are allocated to non north
american backbones - you mileage may vary on blocking those. We have a
lot of clients doing business overseas so we have to be very careful
who we block. I know other hosts who block all of Korea, china, etc.
without a problem.
Now that this is working as it should be I'm
noticing that there are IP blocks that start with 24, 61, 200, 211, and
222. Would it be worthwhile to simply block everything from such a
range? I don't know where they originate from but it seems that if we
shared such a list we could effectively block many dictionary attacks.
Thoughts?
|
