Blocking foreign subnets

Does anyone know of a way to easily block foreign subnets? i.e. I only want our firewall to answer to US based subnets. Our logs show that most attacks are coming from foreign sources. Ideally, I'd like to have them broken down by country, and I've found databases online for sale. Are there any reliable free subnet/country databases available? And, what are your thoughts on something like this?

On that note, does anyone know of a firewall with this feature built in? Or would the blocking firewall still be susceptible to attacks?

John


You can get that information free from ARIN via FTP. ARIN is the American Registry for Internet Numbers. They handle the allocation of blocks of IP addresses to ISPs for the U.S., Canada, and some other areas, but they also make available the information from the other Regional Internet Registries.

FTP to ftp.arin.net. Go to /pub/stats. Go into the apnic, arin, lacnic, and ripencc directories and pick up the most recent "delegated" file from each, selecting the large file from each set (hundreds of thousands of bytes). Be sure to transfer in ASCII mode as they are text files. They don't have an extension to clue your FTP client to automatically select ASCII mode if it has that capability.

Ken
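
An added example, not part of the posts above: one way to turn the "delegated" files into a US allow-list of CIDR blocks. The field layout (registry|cc|type|start|value|date|status) is the RIR statistics exchange format, the sample records are constructed from documentation address ranges, and `country_networks` is a hypothetical helper name. The country code is where a block is registered, which is not always where it is used.

```python
import ipaddress

# Constructed sample in the RIR "delegated" layout:
# registry|cc|type|start|value|date|status
SAMPLE = """\
2|arin|20240101|5|19830101|20240101|-0500
arin|*|ipv4|*|3|summary
# comment lines and the header/summary lines above are skipped
arin|US|ipv4|192.0.2.0|256|20000101|assigned
arin|CA|ipv4|198.51.100.0|256|20000101|allocated
arin|US|ipv4|203.0.113.0|192|20000101|allocated
arin|US|ipv6|2001:db8::|32|20000101|allocated
arin|US|asn|64496|1|20000101|assigned
"""

def country_networks(lines, country="US"):
    """Return collapsed IPv4 then IPv6 networks registered to `country`."""
    v4, v6 = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Header has 7 fields but no matching cc; summary lines have 6.
        if len(f) < 7 or f[1] != country:
            continue
        if f[6] not in ("allocated", "assigned"):
            continue  # ignore "available" and "reserved" space
        if f[2] == "ipv4":
            # For IPv4 the value field is an address COUNT, which need not
            # be a power of two, so one record can expand to several CIDRs.
            first = ipaddress.IPv4Address(f[3])
            last = first + int(f[4]) - 1
            v4.extend(ipaddress.summarize_address_range(first, last))
        elif f[2] == "ipv6":
            # For IPv6 the value field is already a prefix length.
            v6.append(ipaddress.IPv6Network(f"{f[3]}/{f[4]}"))
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))

if __name__ == "__main__":
    for net in country_networks(SAMPLE.splitlines()):
        print(net)
```
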

In article , John wrote:
:Does anyone know of a way to easily block foreign subnets? i.e. I only
:want our firewall to answer to US based subnets.

Some of the messages in the thread starting from the following may be of interest to you:

formatting link

Walter Roberson
