Solved

How to block all IP addresses not from the USA

Posted on 2010-08-17
Last Modified: 2013-11-16
I have been tasked with blocking all IP addresses not from the USA from our system.

I am looking for suggestions on the easiest way to set up our ASA5510s.
Question by:jimmylew52
6 Comments
 
LVL 2

Assisted Solution

by:uscshaggy
uscshaggy earned 150 total points
ID: 33456387
There isn't a standard block of addresses that will always indicate a US-based device/computer.  There will be hundreds of IP ranges, that are pretty constantly changing.  In order to block non-US IPs effectively, you really need to use geolocation software or service on your Web Server.  See this link for an example:  http://code.google.com/apis/gears/api_geolocation.html
0
 
LVL 3

Accepted Solution

by:drcheap
drcheap earned 250 total points
ID: 33456507
This is true, it is not easy to directly and accurately correlate geographical location to IP address, much less large blocks of them.

Resources which may help a lot though:
http://www.iana.org/numbers

More specifically:
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
and
https://www.arin.net/knowledge/ip_blocks.html
0
 
LVL 1

Assisted Solution

by:Elysithea
Elysithea earned 100 total points
ID: 33484506
I would love to know the reason for doing this... but anyway

I guess if you need to do it on your routers it would be easier to block all and just allow the usa blocks - at least this would minimise the amount of address blocks you are worried about.

It might be worth a call to your isp as it could be a lot easier for them to do this as they will probably have a gateway for international traffic where they could deny access for your account. I am not sure how this works exactly but the alternative of geolocation or managing address blocks is going to be difficult to say the least - probably worth a try.
0
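An added example of the allow-list approach suggested above (not code from any poster in this thread): it builds a Cisco ASA `object-group` from registry data of the kind the IANA and ARIN links lead to. It assumes the pipe-delimited "delegated statistics" layout the regional registries publish (`registry|cc|type|start|value|date|status`); the sample lines are constructed and the group name `US-NETS` is hypothetical. The country code in such a file records where a block was registered, not where a host physically sits.

```python
import ipaddress

# Constructed sample in the RIR delegated-statistics layout
# (registry|cc|type|start|value|date|status); not real allocations.
SAMPLE = """\
# constructed sample, not real data
2|arin|20100817|6|19830101|20100817|-0400
arin|*|ipv4|*|4|summary
arin|US|ipv4|10.0.0.0|256|20100101|allocated
arin|US|ipv4|10.0.1.0|256|20100101|allocated
arin|CA|ipv4|10.0.2.0|256|20100101|allocated
arin|US|ipv4|10.0.4.0|768|20100101|assigned
arin|US|ipv6|2001:db8::|32|20100101|allocated
arin|US|asn|64512|1|20100101|assigned
"""

def country_networks(text, cc="US"):
    """Return the collapsed IPv4 networks registered under country code cc."""
    nets = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skip comments and short (summary) lines; the version header
        # never matches the country/type filter below.
        if line.startswith("#") or len(fields) < 7:
            continue
        _reg, country, kind, start, value, _date, status = fields[:7]
        if country != cc or kind != "ipv4":
            continue
        if status not in ("allocated", "assigned"):
            continue
        first = ipaddress.IPv4Address(start)
        # For ipv4 records the value is an address count, not a prefix
        # length, and it is not always a power of two.
        last = first + int(value) - 1
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent and overlapping blocks to keep the group short.
    return list(ipaddress.collapse_addresses(nets))

def asa_object_group(nets, name="US-NETS"):  # name is hypothetical
    """Render networks as an ASA object-group (address + dotted netmask)."""
    lines = [f"object-group network {name}"]
    for n in nets:
        if n.prefixlen == 32:
            lines.append(f" network-object host {n.network_address}")
        else:
            lines.append(f" network-object {n.network_address} {n.netmask}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(asa_object_group(country_networks(SAMPLE)))
```

The resulting group is then used as the source in the permit entries of the inbound access list, so that everything not matched falls through to the deny.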

 
LVL 1

Author Comment

by:jimmylew52
ID: 33484740
Thanks to all of you I have settled on an acceptable solution. I will be blocking the majority of the IP blocks from Asia and Europe. So far it has been helpful in blocking the attacks coming from there.

Reason - a couple of our servers, that have been attacked, have problems during the attacks and require us to monitor them constantly to keep them operational. The attacker does not gain entry to the server but it, I believe it is a bot, stalls one of the services during the attack. We are not able to limit the IPs that have access because they are constantly changing. The IPs are all USA IPs.
0
 
LVL 1

Expert Comment

by:Elysithea
ID: 33486052
OK, if that's the problem there might be a better solution to this.

Without going really deep you could put a UTM protecting the servers that will block most or probably all of this type of activity.

We use sonicwall for this type of situation. Probably a small device will do, e.g. TZ210 or nsa240. You can configure these in transparent mode so they will sit there inspecting all the traffic in and out of the servers and blocking the attacks, viruses, spyware and intrusion attempts etc. As the unit is in transparent mode it will not affect the IP configuration in any way and will just provide an additional line of defense. We use sonicwall because they inspect (DPI) traffic on the fly and there are no proxies involved, they have a multicore architecture. You can also get a lot of info off the device as it has a lot of cool features including a packet capture facility which is very useful for finding out what is going on.
Another thing is that you can create address objects using FQDN which means you don't have to track the IPs associated with the domain name. I could go on but I guess you get the idea.

I am sure there are other solutions out there and this is not a sales attempt.

Hope this helps
0
 

Expert Comment

by:BillFinkNC
ID: 34443866
I'm researching the same thing/issue.

I'd just prefer to allow ONLY US IP assignments to my network.

While I recognize all of the caveats, (i.e. they can use proxies, US providers via dial-ups, etc...) that will be "a way" to get around my rules, BUT restricting to USA (only!) IP assignments I know will slow down a good deal of the crap that comes in, mostly from outside the US.

Too, assisting with forensics for/from IPs that originate from the US-Providers will be just that much easier to deal with.

Lastly, I know IPs change all over the place, but it's not likely what was/is an IP originating from one country today will all of a sudden be given to another.

Restricting all traffic BUT USA IP assignments will/can help a good chunk of our hassles go away. On that note, I realize a good deal of it/them will/can probably still happen, but I'm banking there will not be as much.
0


Question has a verified solution.
