Solved

How to block all IP addresses not from the USA>

Posted on 2010-08-17
6
1,289 Views
Last Modified: 2013-11-16
I have  been task with blocking all IP  addresses not from the USA from our system.

I am looking for suggestions on the easiest way to set up our ASA5510s.
0
Comment
Question by:jimmylew52
6 Comments
 
LVL 2

Assisted Solution

by:uscshaggy
uscshaggy earned 150 total points
ID: 33456387
There isn't a standard block of addresses that will always indicate a US-based device/computer.  There will be hundreds of IP ranges, that are pretty constantly changing.  In order to block non-US IPs effectively, you really need to use geolocation software or service on your Web Server.  See this link for an example:  http://code.google.com/apis/gears/api_geolocation.html
0
 
LVL 3

Accepted Solution

by:
drcheap earned 250 total points
ID: 33456507
This is true, it is not easy to dierctly and accurately correlate geographical location to IP address, much less large blocks of them.

Aesources which may help a lot though:
http://www.iana.org/numbers

More specifically:
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
and
https://www.arin.net/knowledge/ip_blocks.html
0
 
LVL 1

Assisted Solution

by:Elysithea
Elysithea earned 100 total points
ID: 33484506
I would love to know the reason for doing this... but anyway

I guess if you need to do it on your routers it would be easier to block all and just allow the usa blocks - at least this would minimise the amount of address blocks you are worried about.

It might be worth a call to your isp as it could be a lot easier for them to do this as they will probably have a gateway for international traffic where they could deny access for your account. I am not sure how this works exactly but the alternative of geolocation or managing address blocks is going to be difficult to say the least - probably worth a try.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:jimmylew52
ID: 33484740
Thanks to all of you I have settled on an acceptable solution. I will be blocking the majority of the IP blocks from asia and Europe. So far it has been helpful in blocking the attacks coming from there.

Reason - a couple of our servers, that have been attacked, have problems during the attacks and require us to monitor they constantly to keep them operational. The attacker does not gain entry to the server but it, I believe it is a bot, stalls one of the services during the attack. We are not able to limit the IP that have access because they are constantly changing. The IPs are  all USA IPs.
0
 
LVL 1

Expert Comment

by:Elysithea
ID: 33486052
ok if thats the problem there might be a better solution to this.

Without going realy deep you could put a UTM protecting the servers that will block most or probably all of this type of activity.

We use sonicwall for this type of situation. probably a small device will do eg TZ210 or nsa240. You can configure these in transparent mode so they will sit there inspecting all the traffic in and out of the servers and blocking the attacks, viruses, spyware and intrusion attemps etc. As the unit is in transparent mode it will not affect the ip configuration in any way and will just provide an additional line of defense. We use sonicwall because they inspect (DPI) traffic on the fly and there are no proxies involved, they have a multicore architecture. You can also get a lot of info off the device as it has a lot of cool features including a packet capture facility which is very useful for finding out what is going on.
Another thing is that you can create address objects using FQDN which means you dont have to track the ip´s assotiated with the domain name. I could go on but I guess you get the idea.

I am sure there are other solutions out there and this is not a sales attempt.

Hope this helps
0
 

Expert Comment

by:BillFinkNC
ID: 34443866
I'm researching the same thing/issue.

I'd just prefer to allow ONLY US IP assignments to my network.

While I recognize all of the caveats, (i.e. they can use proxies, US providers via dial-ups, etc...) that will be "a way" to get around my rules, BUT restricting to USA (only!) IP assignments I know will slow down a good deal of the crap that comes in, mostly from outside the US.

Too, assisting with forensics for/from IPs that originate from the US-Providers will be just that much easier to deal with.

Lastly, I know IPs change all over the place, but it's not likely what was/is an IP originating from one country today will all of a sudden be given to another.

Restricting all traffic BUT USA IP assignments will/can help a good chunk of our hassles go away. On that note, I realize a good deal of it/them will/can probably still happen, but I'm banking there will not be as much.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now