What is the purpose of country blocking ?

[Denna]

I see that members are putting in a lot of effort in this forum about blocking connections from specific countries.

What is the purpose of country blocking when even a moderately skilled intruder is likely to use a VPN to mask their physical location ?

 

[joegreat]

What is the purpose of country blocking when even a moderately skilled intruder is likely to use a VPN to mask their physical location ?

...not seeing probes in your firewall log - the only reason I can imagine!
...but still seeing all the drops of connections in the firewall log - hmm, same as before!?

 

[swetoast]

never saw the deal with country blocking.. i want to block purpose full connections like malware spreaders or privacy offenders, but there seems to be a large userbase for country blocking in general.

 

[pete y testing]

What is the purpose of country blocking

its for licensing of content and advertising etc , its purely a financial boarder

when even a moderately skilled intruder is likely to use a VPN to mask their physical location ?

and in doing so break the terms and conditions of the sites involved based on licensing agreements of the content

its not a smart move to have these restrictions in place but its a way to control content in local markets

 

[Denna]

@pete y testing,

I was referring to people setting up blocklist rules to protect against intruders from specific countries.​

 

[pete y testing]

soz

but i guess the same still applies , rules and list are for those that choose to follow them , there will always be a backdoor or work around if its you trying to protect yourself from those Chinese hackers or the states trying to protect content , its relatively all the same , nothing is invulnerable or impervious to the next smartest guy on the block , but its at lest worth making an effort to guard the front door to those that would take the easy way in

 

[swetoast]

im fairly sure that chinese hackers knows how to use a proxy

 

[RMerlin]

im fairly sure that chinese hackers knows how to use a proxy

Not according to my hosting server's CSF logs...

 

[R1-Limited]

I see that members are putting in a lot of effort in this forum about blocking connections from specific countries.

What is the purpose of country blocking when even a moderately skilled intruder is likely to use a VPN to mask their physical location ?

To keep the bad guys out

 

[redhat27]

...but still seeing all the drops of connections in the firewall log - hmm, same as before!?

I think maybe not... The target is DROP, not logdrop

 

[Undesirable]

They shouldn't be able to get away with using proxies, because the TOS of most proxies is to discontinue service if is is being misused for hacking or even report to authorities. If they are using a proxy in their own country that allows turns a blind eye to such misuse, then... they're gonna be blocked. Keep an eye on the IPs that try to port scan you and report them if whois shows it to come from a proxy. If not, then block the IP or find a proxy blocking script. There's got to be one around somewhere.

The country blocking script available here also blocks TOR nodes, so that's another layer of protection.

 

[Denna]

This is like a game of wac-a-mole where there is an almost infinite number of holes to emerge from.

Intruders being concerned about a proxy's TOS ?

They'll just switch providers.

It sounds like country blocklists deal with the annoyance of script kiddies and lamers.

 

[Undesirable]

Well there are Proxy blocklists, so it's not impossible to at least weed out quite a number of them.

https://www.iblocklist.com/list?list=xafnpguypyaewkmuugbd

 

[Denna]

Attack vectors are temporal.

Intruders using the same "port" of entry for the same purposes is probably the path of someone unskilled or very bold. And continued boldness doesn't promote continued activity.

With the performance routers have at their disposal today, managing IPv4 address ranges is possible. Usually because those blocklists are downloaded and processed autonomously. The use of ipset has made it possible to efficiently deal with large quantities of addresses.

However, the quantity of IP addresses to process is certainly to increase in orders of magnitude, especially with IPv6.

Voluntarily supporting the processor overhead of just looking up addresses to block becomes an attack unto itself because the router's resources are being tied up trying to stop intruders from doing the same thing.

These rules provide a lot of protection ... for now.

iptables -I INPUT -i <wan_face> -m state --state NEW -j DROP
iptables -I FORWARD -i <wan_face> -m state --state NEW -j DROP​

You can't stop connections to your router.

The notion of creating country blocklists might have been borne from the same people who created ad blocking lists.

Perhaps one day there will be blocklists of blocklists to block.