Block Top 10 Source IP's

The Internet Storm Center regularly tracks the most prevalent attacks and the source IP's. Would anyone agree its reasonable prevention to block these IP addresses using ones firewall?

 

Your firewall should be blocking these unsolicited inbounds already, any particular reason for creating specific rules? No logging? Restricting outbound to these IP's?

Regards,

CrazyM

 

Understood, Crazy. Your right that I've got plenty of anti-malware tools. However, just because one has an AV doesn't always mean they won't get sick with a virus. So I was thinking if these were IP addresses of the bad guys, why not block them as an additional precaution. I'm just asking.

 

Some could be IP's of the culprits, most are probably just compromised systems.

If just making sure these inbound scans are blocked is your objective, then I do not feel adding such a list would be of benefit, only add unnecessary clutter to your firewall rule set. There would also be the matter of maintenance, that ISC top ten likely changes hourly, let alone daily, weekly, monthly. How would you maintain this?

My preference has always been to keep the firewall rule set as small and manageable as possible, focussing on permit rules, let firewall deny everything else not allowed. That is just my approach, everyone has their own

Never any harm in asking

Regards,

CrazyM

 

Good points, CrazyM. Thanks for the feedback!