I suspect you will encounter a major problem re DDS attacks and other intrusions in that many attacks are done via hijacked PC’s and servers in countries that you normally engage in genuine activities.
Consider the Sony attack – possibly from systems based in South America, and there is little actual effective control that would stop an attack from systems based in the USA (according to their profiles as visible to the target.) Consider how easy it would be to get a web name such as homeland_security.com and have it hosted by – say someone like Microsoft before the “9/11” So – how about trying to picking a name that may appear to be a widely accepted ‘authority’ by those using Bing or Google - Twitter.abuse.reports.com FBI_Frauds.com consumer_Frauds.com consumerFrauds.com JimB From: [email protected] [mailto:[email protected]] On Behalf Of Ed Ziots Sent: Tuesday, January 06, 2015 3:52 PM To: [email protected] Subject: Re: [NTSysADM] Geo IP Filters China Russia Ukraine Romania and usa Are usually your big hitters. I know u can't geoip block usa but in would start with egress filter on first 4. Then reevaluate and again look for top hitters. Others that are also game players are netherlands Germany and france. Ovh and lease Web is an are some of the most vurtulent when it comes to malicious activity. Ed On Jan 5, 2015 11:31 AM, "Jesse Rink" <[email protected]> wrote: I'm looking at enabling the Geo-IP Filter on a few of my Sonicwalls to prevent access to/from some 'suspect' countries that are more likely to pose security concerns/issues for internet related traffic. Is anyone aware of any list that shows which countries are more likely to be a security risk or for DoS attacks, viruses, bot-nets, etc.? I'm guessing China is a big one, but I'm not sure which other countries are the ones I should be blocking. Thanks. JR
