Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to block all IP addresses not from the USA>

Posted on 2010-08-17
6
Medium Priority
?
1,317 Views
Last Modified: 2013-11-16
I have  been task with blocking all IP  addresses not from the USA from our system.

I am looking for suggestions on the easiest way to set up our ASA5510s.
0
Comment
Question by:jimmylew52
6 Comments
 
LVL 2

Assisted Solution

by:uscshaggy
uscshaggy earned 600 total points
ID: 33456387
There isn't a standard block of addresses that will always indicate a US-based device/computer.  There will be hundreds of IP ranges, that are pretty constantly changing.  In order to block non-US IPs effectively, you really need to use geolocation software or service on your Web Server.  See this link for an example:  http://code.google.com/apis/gears/api_geolocation.html
0
 
LVL 3

Accepted Solution

by:
drcheap earned 1000 total points
ID: 33456507
This is true, it is not easy to dierctly and accurately correlate geographical location to IP address, much less large blocks of them.

Aesources which may help a lot though:
http://www.iana.org/numbers

More specifically:
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
and
https://www.arin.net/knowledge/ip_blocks.html
0
 
LVL 1

Assisted Solution

by:Elysithea
Elysithea earned 400 total points
ID: 33484506
I would love to know the reason for doing this... but anyway

I guess if you need to do it on your routers it would be easier to block all and just allow the usa blocks - at least this would minimise the amount of address blocks you are worried about.

It might be worth a call to your isp as it could be a lot easier for them to do this as they will probably have a gateway for international traffic where they could deny access for your account. I am not sure how this works exactly but the alternative of geolocation or managing address blocks is going to be difficult to say the least - probably worth a try.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:jimmylew52
ID: 33484740
Thanks to all of you I have settled on an acceptable solution. I will be blocking the majority of the IP blocks from asia and Europe. So far it has been helpful in blocking the attacks coming from there.

Reason - a couple of our servers, that have been attacked, have problems during the attacks and require us to monitor they constantly to keep them operational. The attacker does not gain entry to the server but it, I believe it is a bot, stalls one of the services during the attack. We are not able to limit the IP that have access because they are constantly changing. The IPs are  all USA IPs.
0
 
LVL 1

Expert Comment

by:Elysithea
ID: 33486052
ok if thats the problem there might be a better solution to this.

Without going realy deep you could put a UTM protecting the servers that will block most or probably all of this type of activity.

We use sonicwall for this type of situation. probably a small device will do eg TZ210 or nsa240. You can configure these in transparent mode so they will sit there inspecting all the traffic in and out of the servers and blocking the attacks, viruses, spyware and intrusion attemps etc. As the unit is in transparent mode it will not affect the ip configuration in any way and will just provide an additional line of defense. We use sonicwall because they inspect (DPI) traffic on the fly and there are no proxies involved, they have a multicore architecture. You can also get a lot of info off the device as it has a lot of cool features including a packet capture facility which is very useful for finding out what is going on.
Another thing is that you can create address objects using FQDN which means you dont have to track the ip´s assotiated with the domain name. I could go on but I guess you get the idea.

I am sure there are other solutions out there and this is not a sales attempt.

Hope this helps
0
 

Expert Comment

by:BillFinkNC
ID: 34443866
I'm researching the same thing/issue.

I'd just prefer to allow ONLY US IP assignments to my network.

While I recognize all of the caveats, (i.e. they can use proxies, US providers via dial-ups, etc...) that will be "a way" to get around my rules, BUT restricting to USA (only!) IP assignments I know will slow down a good deal of the crap that comes in, mostly from outside the US.

Too, assisting with forensics for/from IPs that originate from the US-Providers will be just that much easier to deal with.

Lastly, I know IPs change all over the place, but it's not likely what was/is an IP originating from one country today will all of a sudden be given to another.

Restricting all traffic BUT USA IP assignments will/can help a good chunk of our hassles go away. On that note, I realize a good deal of it/them will/can probably still happen, but I'm banking there will not be as much.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question