You miss the point. Attackers don't just originate from their home countries, they bounce through proxies around the world, including where your intended audience sits.
-dhs

--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children." -- John James Audubon

On Nov 23, 2009, at 7:49 AM, Troy Jones wrote:

> I think that would depend on the intended scope and audience of your site or
> server's sites. For example, does someone in Beijing need to browse for a
> product that isn't available over the web or sold in any store outside the
> contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up
> laundry service in St. Louis? Of course there would be exceptions but I think
> it would be worth the small number of legitimate denials to do this.
>
> ___________________________________________________________________________________________
>
> Troy Jones | Developer/Support Technician | Dynapp Inc | 1-800-830-5192
> ext. 603 | dynapp.com | facebook.com/dynapp
>
> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
> Sent: Friday, November 20, 2009 10:08 PM
> To: discussion@acfug.org
> Subject: Re: [ACFUG Discuss] SQL Injection
>
> Yeah sure, you CAN, but it's not the solution to the problem. On a recent
> incident response we had attacks originating from Asia, South America and
> Europe. Do you plan on blocking them all?
>
> -dhs
>
> --
> Dean H. Saxe
> "A true conservationist is a person who knows that the world is not given by
> his fathers, but borrowed from his children." -- John James Audubon
>
> On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:
>
> You can block subnets. On a couple of domestic sites, I have even blocked
> all requests from ALL OF ASIA (or close). While I know this is a drastic
> measure… all SQL Injection attack (and other hack attacks) attempts reduced
> by 98% with that done.
>
> Here is a link that describes how to do this and why:
> http://www.parkansky.com/china.htm
>
> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
> Sent: Friday, November 20, 2009 11:59 AM
> To: discussion@acfug.org
> Subject: Re: [ACFUG Discuss] SQL Injection
>
> Blocking IPs is useless, attackers will just use another proxy to change the
> apparent location of the originating attack. You can't stop the attempts,
> you must instead prevent the exploitation of vulnerable code. This means
> writing secure code using data validation on all input, data sanitization on
> output (in this case, parameterized queries using cfqueryparam) and following
> the principle of least privilege on the database access.
>
> -dhs
>
> --
> Dean H. Saxe
> "A true conservationist is a person who knows that the world is not given by
> his fathers, but borrowed from his children." -- John James Audubon
>
> On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
>
> Hey folks,
>
> I saw John's tweet earlier this week about a new wave of SQL Injection (and a
> link to a great article on it
> http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
> and sure enough I'm seeing a huge upswing in attempts. Over 100 failed
> attempts last night alone.
>
> We have taken the steps to prevent damage / harm, but I was wondering what
> folks are doing after they stop the attempt. What kind of message, if any, do
> you provide? Are people checking the logs, and blocking IPs of the worst
> offenders? Or something else?
>
> -Rudi

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
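Added example, not code from the thread or from any of the posters: the three controls Dean lists (validation of every input, parameterized queries in place of string-built SQL, and least privilege on the database account) shown side by side with the vulnerable pattern they replace. It uses Python and sqlite3 as a stand-in for ColdFusion's cfqueryparam; the product table and the probe strings are constructed for the demonstration, and the sqlite3 authorizer callback stands in for granting the application's database user SELECT only.

```python
import sqlite3

# Constructed sample catalogue (not data from the mailing-list thread).
PRODUCTS = [
    (1, "Widget", 9.99),
    (2, "Gadget", 19.99),
    (3, "Doohickey", 4.49),
]

# Constructed probe strings of the textbook kind that show up in web logs.
# They are used only to show that the hardened code treats them as plain text.
SEARCH_PROBE = "nomatch' OR 1=1 --"
ID_PROBE = "1 OR 1=1"


def make_db():
    """Build the in-memory table with a trusted, parameterized INSERT."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def restrict_to_reads(conn):
    """Least privilege for the web-facing handle: reads only.

    Stands in for a database account that has been granted SELECT and nothing
    else; any INSERT/UPDATE/DELETE or DDL through this connection is refused
    by the database itself, whatever the application code does.
    """
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

    def authorizer(action, arg1, arg2, dbname, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def vulnerable_search(conn, term):
    # The request parameter is spliced into the statement text, so a quote in
    # the input ends the literal and the rest becomes part of the WHERE clause.
    sql = "SELECT id, name FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def safe_search(conn, term):
    # Same query, but the value travels as a bound parameter and can never
    # change the statement's structure (what cfqueryparam does in CFML).
    sql = "SELECT id, name FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def vulnerable_lookup(conn, raw_id):
    # Numeric inputs are just as exposed when concatenated: no quotes needed.
    sql = "SELECT id, name FROM products WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn, raw_id):
    # Input validation first: an id is a string of digits or the request is
    # rejected outright. Then the validated integer is bound as a parameter.
    if not raw_id.isdigit():
        raise ValueError("product id must be a positive integer")
    sql = "SELECT id, name FROM products WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()


def run_demo():
    """Run each probe against both versions and report what happened."""
    conn = make_db()
    restrict_to_reads(conn)
    results = {
        "vuln_search_rows": len(vulnerable_search(conn, SEARCH_PROBE)),  # every row leaks
        "safe_search_rows": len(safe_search(conn, SEARCH_PROBE)),        # nothing matches
        "vuln_lookup_rows": len(vulnerable_lookup(conn, ID_PROBE)),      # every row leaks
        "safe_lookup_rows": len(safe_lookup(conn, "1")),                 # the one real hit
    }
    try:
        safe_lookup(conn, ID_PROBE)
        results["safe_lookup_rejected"] = False
    except ValueError:
        results["safe_lookup_rejected"] = True
    try:
        conn.execute("DELETE FROM products")  # refused by the authorizer
        results["delete_blocked"] = False
    except sqlite3.DatabaseError:
        results["delete_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two vulnerable functions return all three rows for the probes because the input rewrote the WHERE clause; the parameterized versions return zero rows or refuse the input, and the read-only authorizer means that even a query the application got wrong could not modify or drop the table. That last layer is the point of least privilege: it limits the damage of the bug you have not found yet.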