Slashdot Mirror
Blocking a Nation's IP Space
SComps writes "The Register has a good commentary about blocking Chinese IP space and some of the pros and cons surrounding that action. The question I post to Slashdot: "What is your opinion of this and what do you propose to help correct this?" Additionally, what sort of actions do other Slashdot users take to protect themselves from rogue IP space, be it national borders or even retail broadband/dialup providers such as wannadoo or comcast, roadrunner, etc?" The author of the article raises an interesting point, will this 'slippery slope' prove too difficult to walk?
What is your opinion of this and what do you propose to help correct this?
/8 and /16's but mostly /24's. If someone cannot e-mail me it's because they are likely using a residential cable/DSL account and I suggest to them to either use AIM or a viable webmail service like GMail (hotmail and yahoo are banned).
.br? Here's the single block that does it. Want to block .kr, .cn, and .nz? Go for it. Right now it's entirely too difficult and it requires some real work to do what you need to do.
.0/24 to the firewall list.
Correct what? The fact that other countries are full of hackers that constantly attack you and you have little recourse to stop it? I suggest blocking them. Duh.
Additionally, what sort of actions do other Slashdot users take to protect themselves from rogue IP space, be it national borders or even retail broadband/dialup providers such as wannadoo or comcast, roadrunner, etc?
I have an extensive ban list on my firewall including tons of
I am an individual. I don't run a corporate network and I am not required to put up w/a bunch of shit from other people. Don't like it? Oh well, I'm unconcerned. This particular Ask Slashdot might be pertaining to something else but the blurb wasn't really clear.
If it were up to me, I would want entire countries in their own easy to block IP address space. Want to block
After moving off of Comcast for residential DSL through a respectable provider I find that I don't have worms constantly hitting my machine. I don't have as many attack attempts and I certainly am not blocking quite as much spam. I long for the day when I don't have to add another
They're a web hosting provider. And they're blocking entire netblocks from viewing *their customer's* content.
What big company is going to block China? That's where most of their workers are. Can't cut your communications lines to them.
Evolution or ID?
Simply blocking the IP doesn't fix the problem, and is on the same level as them blocking searches engines and sensoring US web sites. Bot engines etc etc, if you stop it one place it will simply spring up in another. Filtering ala google PRIOR to it hitting the consumer is the real key. That and corporate involvement - when it really begins to cost them money we'll see an improvement.
Does it not seem somewhat strange that we are more than happy to rally against measures by certain governments to restrict our internet liberties, yet there is no problem with us blocking whole nations access to western sites because of rogue elements in their borders?
This seems a rather murky route to go down, that ultimately, will be in no one's best interests.
would be if China blocked inbound USA connections seeing as 80% of the worlds spam originates from there, the numbers are no different for all the other scams either ie Phishing, Malware, Adware , Spyware etc etc
hmmm perhaps the rest-of-the-world should just cut off USA it would probably stop 80% of internet related crime overnight
It would though depend on the size and usage of the network you would be blocking Chineses traffic from. If you're a small buisness with absolutely no connection to China whatsoever, you might be ok blocking the entire IP block to protect your network from spammers. But, even an average size network might have some sort of Chinese connection, either from the outside in or vis versa. Lots of companies and people inside China that try to access that network would effected, not just the spammers.
Even if *you* block a range of IP addresses, someone operating a computer on one of those IP addresses could still connect with your server simply by going through a proxy not blocking them, but which you have not also blocked. Given that blocking a national range of IP addresses provides no real security from a marginally determined and capable attacker and that it promotes a balkanization of the Internet, decreasing the network affect and therefore overall utility of the network by blocking many potentially legitimate connections, this seems like a very inappropriate and heavy-handed technical response to unwanted requests from a particular country. It also saves no bandwidth since the filtering happens at the receiving server after the packets have travelled through the network.
From a political science and ideological perspective, industrialized and democratic companies benefit little form blocking the access of citizens of 'pariah' nations to non-classified information. Any opportunity to make available memes that offer alternatives to the totalitarian state line further create the opportunity for the expansion of democracy and free access and speech in those countries. Blocking national IP ranges in this manner would also decrease this opportunity.
This is all fine and dandy. Until _you_ end up being blocked from a whole bunch of stuff because of some asshole in the same IP space.
Blocking based on IP range and or country is pure and simple discrimination. A lot of people don't seem to grasp why discrimination is bad until they end up on the receiving end...
Having said that; if you want to block half the world, I believe that's your right. Just don't block it for me please, I'd like to make that decision myself.
Can you point to a time when the net was safe for families and businesses. When it was still reasonably safe, I don't recall very many businesses and damn few families even being on it, and it's the sheer stupidity of families and businesses that has been part of the problem with net security.
The world's burning. Moped Jesus spotted on I50. Details at 11.
We want to censor ourselves, we don't want a government to censor us. If an individual or company decides to block traffic from a country more power to them. It's a choice they have the right to make. If the government wants to do it then that sucks because the people have lost that choice.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
would be:
1. put some text about freedom of speech and/or human rights in china on your webserver
2. make sure google finds you
then the chinese government itself would see that chinese IP traffic can't reach you.
I have been to China, my wife is Chinese, and the region where I live (Vancouver) is about 25% ethnic Chinese. China is an important country, and its power is growing - look at recent purchases (and attempts) of major Canadian and American companies. China, its culture, and its policies will increasingly impact our lives. We will be exposed to their culture and values. We can't afford to be silent about ours.
Let me tell you my experience sending email from Japan:
1) I have been the silent party of a conference call between a professor at a major American university and the tech he was "#$%#&$ing out because said professor did not get the five-figure speaking fee we wanted to pay him because our repeated attempts to contact him went unanswered (the techs, to save themselves a little hassle, had blacklisted *.jp)
2) I have been asked "Why don't you ever write?" by a favorite auntie, who is exactly the lady at those tech support humor web sites make fun of. I do write, once a week like clockwork. Her ISP decided on her behalf that it needed to be /dev/null'ed.
3) I have a 99 year old great grandmother who, bless her heart, has started to use the computer. She is doing exceptionally well for 99, but if you ask her four days out of five she'll tell you "No, of course not, don't know anybody living abroad. I haven't been back to Ireland since I came over in 1916 and all my family there is dead". Then if you go on to prod her about her great grandsons she'll take your ears off bragging about those fine young men who went off and got educated and are now living in Korea or China or somesuch place where the folks are very friendly and they drink excellent tea although of course not the sort that they made in County Cork.
4) I get a copy of my local newspaper (for the neighborhood I grew up in) delivered to me once a month by my mother. A favorite teacher of mine from grade school just retired. One Google search later I had his school's office email address and sent them a letter of congratulation to forward on to him. I've gotten no response -- it probably got eaten. Asked yesterday whether he needed to speak to anyone abroad or not, this veteran of the Chicago Public Schools would have said "Nope, can't say that I do".
5) Three companies have lost my business because they can't handle having a customer abroad (seeming inability to handle emails played a part in all three cancellations, not entirely sure it was the only issue though). One (my bank) has gained it for life because they went the extra mile, including having a $10 an hour telephone operator having a three-day long spat with their IT department before I could get whitelisted. (Oddly, the IT department had clearly spent a lot of development resources on making their web forms, etc international-aware... and then /dev/null'ed all email from the customers using the special forms)
Help poke pirates in the eyepatch, arr.