Replies

Blocking an IP does no good. The attacks do not originate and continue from a single IP. Attacks are IP hopping at the source and constrained only by the IP-range assigned to a particular provider or geographical part of the globe. Also attacks can be issued globally, from thousands of IPs simultaneously, by viruses planted in computers, scheduled to go off on a particular date and time.

Here, most of our virus/spam/break-in attempts come from Asia, Russia, Africa. Unfortunately we do business with those countries (about 50% of our business is export). If I had my people block the entire IP ranges of the originating providers, or country, or area, I would be blocking business traffic from our customers, salesmen, and servicemen.

There is on occasion the ability to block a notorious IP-range, but that solution is usually afforded only to those Internet users that have limited geographical scope to their traffic.

I came in early this morning to get one of our mail servers 'up'. It appears that we received a very heavy flurry of worm attacks from Russian IPs last night.

One time we had some kid break into one of our servers and store several gigs of mp3 files. That was a long time ago and security wasn't what it is today.

However, all of that crap costs us a lot of money, both in time to prevent, time to repair, and preventative software/hardware purchases.

If we get overly aggressive with our blocking, I'll have Sales and/or Contracts depts screaming. Many people, even those that should know better, believe that an email is as reliable as a registered/signature-required document delivery.... NOT! Then they are paranoid about returning a delivery confirmation for an email!

It's not always as easy as it seems on the surface.