Full Version: Interesting Read - Blocking Chinese IP Space
Thoreau
Original article from The Register:
http://www.theregister.co.uk/2005/08/31/bl...e_ip_addresses/

Slashdotting of said article:
http://it.slashdot.org/article.pl?sid=05/0...532221&from=rss

After reading through these links, and a few other linked sources, it seems like blocking out certain large chunks of IP space may be quite beneficial to both security and performance on a US-based server. Unless you host something that would be a resource to China, or if your clients target Chinese customers and businesses in their marketing, there don't seem to be any real negative pitfalls to such a practice.

Any thoughts on this practice?

Edit: After some thought about my own server uses, I likely won't be implementing this practice since one of my sites deals heavily with LAN parties, and LAN party sponsors. Many of those sponsors are hardware manufacturers, some of which are very much located within China's IP space.
Sim
Heh.. what are the IP address ranges?
Thoreau
Heh, that's the hard part. I haven't found any definitive lists so far, and from what I've seen, Chinese IP blocks are all registered via APNIC, which also handles, at the very least, Australia.

So far I've probably blocked a few million IPs though, and I have to say that spam volume has dropped significantly since I started this practice. It would be a lot more, but some of those IP blocks were too difficult to determine a location for so I took the safe route and didn't block them.

My method is pretty simple though. When I get my daily influx of spam, I go through and do lookups on the IP addresses that they are sourced from. From there I check the registration to try and figure out if it may be tied to locations that valid users would be coming from and if not, I add the netblock to my firewall to be blocked for SMTP, FTP, SSH, and a few other ports just to be safe.
Matt2k
I thought most spam, statistically, came from within the United States. And I mean by an enormous margin.

Also, most of my hack attempts seem to come from the Netherlands, for whatever reason, or from inside western countries. Probably relayed.
X-Istence
QUOTE (Thoreau)
Heh, that's the hard part. I haven't found any definitive lists so far, and from what I've seen, Chinese IP blocks are all registered via APNIC, which also handles, at the very least, Australia.

So far I've probably blocked a few million IPs though, and I have to say that spam volume has dropped significantly since I started this practice. It would be a lot more, but some of those IP blocks were too difficult to determine a location for so I took the safe route and didn't block them.

My method is pretty simple though. When I get my daily influx of spam, I go through and do lookups on the IP addresses that they are sourced from. From there I check the registration to try and figure out if it may be tied to locations that valid users would be coming from and if not, I add the netblock to my firewall to be blocked for SMTP, FTP, SSH, and a few other ports just to be safe.


CODE
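# Two-letter country code from the command line, defaulting to China ('cn')
$ctry = shift || 'cn';
die "bad country code\n" unless $ctry =~ /^[a-z]{2}$/i;

# Fetch APNIC's per-country IPv4 listing with the lwp-request GET command
$_ = `GET 'http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=$ctry'`;

# Print each CIDR block (a.b.c.d/nn) on its own line
print join "\n", /([0-9.]+\/[0-9]+)/g;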


Perl script for definitive list of Chinese IP blocks.

http://www.apnic.net/apnic-bin/ipv4-by-cou...y.pl?country=cn

Australian ranges:
http://www.apnic.net/apnic-bin/ipv4-by-cou...y.pl?country=au
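
Added example, not part of the original thread or any poster's code: one way to turn a CIDR list like the script's output into the kind of port-limited firewall block described earlier in the thread, merging adjacent blocks and carving out networks that must stay reachable. The sample ranges are constructed from reserved documentation ranges, and the set name `geo_block` and the allowlisted network are assumptions for illustration.

```python
import ipaddress

# Constructed sample input (reserved documentation/benchmark ranges, not real
# allocations); one malformed line shows how bad input is skipped.
SAMPLE_BLOCKS = """198.18.0.0/16
198.19.0.0/16
203.0.113.0/25
203.0.113.128/25
not-a-cidr
192.0.2.0/24"""
ALLOW = ["198.19.4.0/24"]   # hypothetical network that must stay reachable
PORTS = (21, 22, 25)        # FTP, SSH, SMTP, the services named in the thread

def parse_blocks(text):
    """Return the valid IPv4 networks in text, skipping malformed lines."""
    nets = []
    for token in text.split():
        try:
            nets.append(ipaddress.IPv4Network(token, strict=False))
        except ValueError:
            continue
    return nets

def blocked_networks(text, allow=ALLOW):
    """Collapse the list, then carve every allowlisted network out of it."""
    nets = list(ipaddress.collapse_addresses(parse_blocks(text)))
    for a in map(ipaddress.IPv4Network, allow):
        kept = []
        for n in nets:
            if a.subnet_of(n):
                kept.extend(n.address_exclude(a))  # n minus the allowed part
            elif not n.subnet_of(a):
                kept.append(n)                     # no overlap, keep as is
        nets = kept
    return list(ipaddress.collapse_addresses(nets))

def build_ruleset(text, allow=ALLOW, set_name="geo_block"):
    """Return (lines for `ipset restore`, one iptables rule using the set)."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {n}" for n in blocked_networks(text, allow)]
    ports = ",".join(str(p) for p in PORTS)
    rule = (f"-A INPUT -p tcp -m set --match-set {set_name} src "
            f"-m multiport --dports {ports} -j DROP")
    return lines, rule

if __name__ == "__main__":
    restore_lines, rule = build_ruleset(SAMPLE_BLOCKS)
    print("\n".join(restore_lines))
    print(rule)
```

Matching on an ipset keeps the firewall to a single rule however long the block list grows, and dropping only the listed ports leaves web traffic from those ranges untouched.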
nibb
Well I have considered blocking China. I think I will. I receive 5.000 Spam a day. 4.800 are from China.

Also in the past I was hacked twice. When I saw the logs, my box was used for Spam, executing a script thousands of times. Guess what. All IPs were also from China executing the script. So it's not just spam, but also a good security measure to block China.
Most China PCs are zombies, they are infected with trojans and all kinds of stuff. In the US at least people have an Antivirus on their PC. I do get spam also from US. But I was never hacked from there, and I don't get almost nothing of spam compared from China. It's sad that the Chinese government doesn't do anything. If this goes on, people in China will have most of the internet blocked to them.
TheUniverses
Do you use blacklists, like spamhaus and what not?