Wednesday, May 6, 2009

McAfee threat report

McAfee released their first quarter threat report. Here is some of the important data from the report:


  • McAfee TrustedSource™ recently has observed malware-laden email and spam originating from a variety of government agencies and banking institutions in Russia.
  • The top 10 countries dominate in spam production, contributing nearly 70 percent of the total and far outdistancing the other 200-plus countries in the world. The top 10 countries are the US, Brazil, India, South Korea, China, Russia, Turkey, Thailand, Romania, and Poland.
  • The top seven countries hosting websites with a malicious reputation are also in the top 10 hosting phishing, spam, and malware/spyware sites.


So, what's the best way to deal with malicious traffic from these countries? If your organization can afford to block traffic from all of these countries, or from select ones, block the whole IP address range at the external router or firewall. Always aggregate the ranges into "supernets" when blocking, so that the firewall or router uses its resources efficiently.
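The supernetting step, as an added example that is not part of the original post: it converts start/count ranges (the way RIR delegation statistics files list IPv4 blocks) into exact CIDR blocks, merges them into the fewest supernets, and confirms the merged list covers no address outside the input. The sample ranges are constructed from private 10.0.0.0/8 space, and the function names are this example's own.

```python
import ipaddress

# Constructed sample input: (start address, address count) pairs.
# Private 10.0.0.0/8 space stands in for real registry allocations.
SAMPLE_ALLOCATIONS = [
    ("10.20.0.0", 65536),
    ("10.21.0.0", 65536),
    ("10.22.0.0", 131072),
    ("10.20.128.0", 256),   # duplicate coverage, already inside 10.20.0.0/16
    ("10.64.0.0", 768),     # not a power of two: needs a /23 plus a /24
    ("10.64.3.0", 256),     # fills the gap so the four /24s form one /22
]

def to_networks(start, count):
    """Convert a start/count range into the exact CIDR blocks that cover it."""
    first = ipaddress.IPv4Address(start)
    last = first + (count - 1)
    return list(ipaddress.summarize_address_range(first, last))

def supernets(allocations):
    """Merge adjacent and overlapping ranges into the fewest CIDR blocks."""
    nets = []
    for start, count in allocations:
        nets.extend(to_networks(start, count))
    return list(ipaddress.collapse_addresses(nets))

def distinct_address_count(allocations):
    """Count distinct input addresses by merging the raw intervals."""
    spans = sorted((int(ipaddress.IPv4Address(s)), int(ipaddress.IPv4Address(s)) + c)
                   for s, c in allocations)
    total, end = 0, 0
    for lo, hi in spans:
        lo = max(lo, end)          # skip the part already counted
        if hi > lo:
            total += hi - lo
            end = hi
    return total

def rule_rows(networks):
    """Return (network, netmask, wildcard mask) strings for building ACL entries."""
    return [(str(n.network_address), str(n.netmask), str(n.hostmask)) for n in networks]

if __name__ == "__main__":
    blocks = supernets(SAMPLE_ALLOCATIONS)
    # Aggregation must be exact: no address outside the input may be blocked.
    assert sum(b.num_addresses for b in blocks) == distinct_address_count(SAMPLE_ALLOCATIONS)
    for row in rule_rows(blocks):
        print(*row)
```

Six input ranges collapse to two rules here; the exactness check matters because rounding a range up to a convenient prefix by hand would block addresses that were never on the list.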

For more information on IP address allocation and whois lookups, use the following links:

http://www.iana.org/assignments/ipv4-address-space/
http://ws.arin.net/whois/
http://ripe.net/
http://wq.apnic.net/apnic-bin/whois.pl
http://www.lacnic.net/cgi-bin/lacnic/whois
http://www.afrinic.net/cgi-bin/whois
http://ip-to-country.webhosting.info/book/print/5

1 comment:

Anonymous said...

Only very few organizations can afford to do that, but it is a good strategy.