Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. Uncategorized
  3. Dear #infosec friends - I have a requirement from work to block IPs based on a specific subset of countries and territories.

Dear #infosec friends - I have a requirement from work to block IPs based on a specific subset of countries and territories.

Scheduled Pinned Locked Moved Uncategorized
infosec
3 Posts 3 Posters 7 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • edolnx@kind.socialE This user is from outside of this forum
    edolnx@kind.socialE This user is from outside of this forum
    Carl
    wrote last edited by
    #1

    Dear #infosec friends - I have a requirement from work to block IPs based on a specific subset of countries and territories. MaxMind was the first thing I thought of, but it's fairly unreliable in my experience. Is there a better way to determine these deny-lists based on ASN or some other more real-time solution?

    cr0w@infosec.exchangeC 1 Reply Last reply
    0
    • cr0w@infosec.exchangeC This user is from outside of this forum
      cr0w@infosec.exchangeC This user is from outside of this forum
      cR0w
      replied to Carl last edited by
      #2

      @edolnx I don't know of an existing reliable solution, but I think @ryanc deployed one in the past. Maybe they have some pointers.

      ryanc@infosec.exchangeR 1 Reply Last reply
      0
      • ryanc@infosec.exchangeR This user is from outside of this forum
        ryanc@infosec.exchangeR This user is from outside of this forum
        Ryan Castellucci :nonbinary_flag:
        replied to cR0w last edited by
        #3

        @cR0w @edolnx If it's a compliance requirement, just use MaxMind.

        If that is not good enough, I don't know what would be. I can tell you how to check BGP data in near real time, but ASN registration data is not always accurate, and originating ASN can be faked (I've seen it done).

        If I deeply cared about this I would probably run traceroutes to the IP in question from a bunch of known reference points and trilaterate (there is a published paper about this, nobody's bothered to commercialize it AFAIK), but then you need to wait a nontrivial amount of time (half a second minimum) for the data.

        Also, it would make network operators mad.

        1 Reply Last reply
        0

        Copyright © 2024 NodeBB | Contributors
        • Login
        • Don't have an account? Register
        • Login or register to search.
        Powered by NodeBB Contributors
        • First post
          Last post
        0
        • Home
        • Categories
        • Recent
        • Popular
        • World
        • Top
        • Tags
        • Users
        • Groups
        • Documentation
          • Home
          • Read API
          • Write API
          • Plugin Development