Mac Dearman wrote:

90% of spam messages to our network and 99% of the DOS attacks we are suffering are in the IP space of RIPE network and I am considering blocking all IPs from RIPE. What would be the most detrimental affect of this for my clients? other than the obvious no traffic to/from the EU? Anyone else ever done this? If I were a National ISP I realize I couldnt do this - - keep in mind I serve a local rural network :-) in Louisiana

Technically, there shouldn't be any major issues. Heck, depending on what kind of router you use, you may even be able to automate the process (completewhois and Team Cymru both offer a number of crazy BGP feed options, you may be able to just get a BGP feed from one of them that has a more-or-less current list of RIPE IPs and just route 'em to Null0).

I'm real close to just blocking all of China and Brazil for the same reason - too much spam and random DDOS traffic originating from there. (I haven't seen very much from RIPE space, by comparison.)

There is bound to be more than a few legitimate applications hosted in RIPE space that, sooner or later, you or one of your end-users will want to see. Consider starting with "merely" blocking SMTP traffic, or (if your mail filtering system supports this) just tagging mail from RIPE space as potential spam. And there are other ways to detect and block potential DDOS traffic, though I can't afford most of them, so I'm not the best person to ask on that point.

If you really want to stir something up, go ask this question on the NANOG list. :D

David Smith
WISPA Wireless List:



Reply via email to