Targeted IP Blocking – Align Web Services to Your Target Markets

Every morning I review a report on internet traffic coming through my servers. I am usually checking to ensure Google is indexing my sites properly, identifying potential prospects from web hits, verifying the spam and anti-virus filters are doing their jobs, and reviewing any new attack vectors that might compromise my perimeter security. The last brought an interesting point to the fore.

Much, if not all, the undesired traffic to my open internet servers originated from Korea and China. This actually accounted for quite a large percentage of my traffic overall. Taking a closer look at the profile, it became obvious that eliminating traffic from these countries would reduce overall bandwidth requirements and improve general serviceability of the public facing network. Since we have no intention of pursuing business in China or Korea, this strategy on the surface provides better focus of network resources to address the needs of our current and target client base.

Achieving this was relatively simple, however there were some challenges. We needed to ensure that legitimate clients travelling abroad still had access to critical services and we could not block responses from those countries as certain software update sites are hosted in those geographies. We adopted a script initially created by Vivek Gite and posted at his blog site to block traffic by country using iptables in Linux and modified it accordingly to allow for the above capabilities. We also tuned the initial script for better run time performance profiling and reduced the demand on the network of the service provider hosting the list of international IP mappings by country.

The end result of implementing this strategy is generally more reliable network performance and a large reduction in network based attacks on our infrastructure. The reduction in the attack level has reduced the overhead of verifying security has held up against each attack as well since these costs increase linearly with the number of attacks against the network.

You can download our enhanced version of the script or read the running commentary at Vivek Gite’s blog site for additional information or alternative implementations of the script.

avatar

About David Picard

David is the President and Founder of PSInd. He has been working in the consulting sector for the banking, financial services, insurance, transportation and telecommunications industries for over 15 years. He began work as an operations consultant after completing his initial tour of duty as an active duty US Army officer with responsibility for operations planning and oversight for site and movement security of nuclear weapons. He has spent considerable time working with Pegasystems building the PRPC BPMS offering and deploying successful BPM implementations on that platform.
This entry was posted in Linux, Network Security and tagged , . Bookmark the permalink.

3 Responses to Targeted IP Blocking – Align Web Services to Your Target Markets

  1. Very good work, thank you very much for the country_block script, i am using it to drop russia, seems that i am assaulted from russia with any kind of spam, hack, dos , and so on ….. no more mother russia on my server :)
    Thank you very much !

  2. avatar Simon says:

    Is you link broekn?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *