Sunday, February 8, 2009

Keeping the bad guys out of my network

I've been looking for a Geo-IP block list for Cisco hardware that will allow me to drop packets sourced from malicious folks like Russia, China, Brazil, Eastern Europe, South America, all of Africa... you know, most of the world. There are a lot of people on the internet these days, and traffic from certain sources has an extremely high probability of being malicious, and an extremely low chance of being legitimate. Well, I haven't found exactly what I'm looking for yet, but one thing that is handy, if you don't know about it already, is the DROP list from Spamhaus.

This list is updated regularly, which means you would need to update regularly.

Here is a guide on automating the updates to a Linux box running iptables.
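As an added example (not from the original post or the linked guide), this is one way to turn a downloaded copy of the list into an `ipset restore` script that replaces the live set atomically on each update. The file layout (`;` comments, one CIDR per line), the set name, `MIN_PREFIX` and the `protect` parameter are assumptions made for this sketch, and the sample data is constructed.

```python
import ipaddress
import sys

# Constructed sample (documentation ranges, made-up references) in the layout
# assumed here for the DROP text file: ';' starts a comment, one CIDR per line.
SAMPLE = """\
; constructed sample, not real list data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
203.0.113.7/24 ; SBL000004
10.0.0.0/8 ; SBL000005
0.0.0.0/0 ; SBL000006
not-a-network ; SBL000007
"""
MIN_PREFIX = 8  # anything broader than a /8 is treated as a corrupt entry

def parse_drop(text, protect=()):
    """Return (networks, rejected); protect lists ranges that must never be blocked."""
    protected = [ipaddress.ip_network(p) for p in protect]
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if not entry:
            continue  # blank or comment-only line
        try:
            net = ipaddress.ip_network(entry)  # strict: host bits set is an error
        except ValueError:
            rejected.append((entry, "invalid CIDR"))
            continue
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            rejected.append((entry, "not IPv4 or too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((entry, "overlaps protected range"))
        else:
            nets.append(net)
    # Merge adjacent and duplicate prefixes so the set stays small.
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore(nets, name="spamhaus-drop"):
    """Build `ipset restore` input that fills a scratch set, then swaps it in."""
    tmp = name + "-new"
    lines = [f"create {name} hash:net family inet",
             f"create {tmp} hash:net family inet", f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_drop(SAMPLE, protect=["10.0.0.0/8"])
    for entry, why in rejected:
        print(f"skipped {entry}: {why}", file=sys.stderr)
    print(ipset_restore(nets), end="")
```

Pipe the output to `ipset -exist restore` so the `create` lines are harmless on repeat runs, and reference the set once from a rule such as `iptables -I INPUT -m set --match-set spamhaus-drop src -j DROP`. Because the rule points at the set name and the swap is atomic, an update never leaves a window with an empty or half-loaded block list.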

There is another block list on DShield.

While these are decent, I'm looking for something much larger that deals not only with spammers and malicious IPs but hostile countries altogether. If you know of something good, please comment.

1 comment:

  1. Some basic PC ones are PeerGuardian http://phoenixlabs.org/pg2/
    This regularly goes out for updates, and you can define your own list. Another is http://www.mvps.org/winhelp2002/hosts.htm
    that replaces your hosts file with a bunch of bad sites pointing to 127.0.0.1.
