On Sat, 1 Nov 2003 John_York@Dell.com wrote:
We're seeing an incredible amount of port- and proxy-scans from 211.0.0.0/8, and 0 legitimate packets from the same range. I'm thinking about blocking the entire /8, as noone on our network needs any contact with Asia (I belive those addresses are all in Asia - correct me if I'm wrong). Has anyone here blocked 211.? Any unexpected results when doing so?
Unexpected? It depends on what you expect the results to be. I have acted as a diplomat de jure negotating resumption of traffic between people blocking these network ranges and organizations in Japan in the past. In addition to Japan, the 211 netblock is assigned to organizations in other Asia Pacific countries. Its your network (or maybe your employer's network) to do whatever you choose. You may want to consider blocking smaller ranges than the entire /8.