Risks to Geo Blocking
-
@momurda said in Risks to Geo Blocking:
Quite frankly all those positions are ridiculous.
If I get an email saying an IP tried to use Massscan or some Ddos script on my firewall, I goto ripe or lacnic or apnic or arin and it query the ip.
If this ip shows as a datacenter in St Petersburg Russia, or Shenzhen China, what are the chances it is not in St Petersburg or Shenzen? I would guess less than one in one thousand.In that scenario there are two factors, though. We don't care if it is accurate once you know it is an attack. And it's filtered so that yes, attacks are more likely from there, so by isolating the traffic to known attack traffic, and then filtering for none attack locations, then yes, the resulting accuracy would be higher than the general accuracy.
But in those cases, we'd be happy to block using IPS because it's already an attack. Even if it came from Kansas, we'd want to block it. So the location is moot by that point.
It's the case where you don't get an attack but legitimate traffic, and it registers as St. Petersburg (that's where Veeam is, for example), then what are the chances you'd want to block it?
-
So for the first time in YEARS, we just did some geo blocking today. How is this timing possible?
-
This is a pretty good thread on how to argue with @scottalanmiller. Not even a joke.
-
@scottalanmiller said in Risks to Geo Blocking:
So for the first time in YEARS, we just did some geo blocking today. How is this timing possible?
Oh yeah? Which? Why?
-
@obsolesce said in Risks to Geo Blocking:
@scottalanmiller said in Risks to Geo Blocking:
So for the first time in YEARS, we just did some geo blocking today. How is this timing possible?
Oh yeah? Which? Why?
Only access for one tech, so trying to limit as much as possible. But it didn't work, (probably nothing to do with the geo blocking) so I don't know if they ended up keeping it or not.