[CentOS] what percent of time are there unpatched exploits against default config?

Sat Dec 31 22:23:03 UTC 2011
Craig White <craigwhite at azapple.com>

On Sat, 2011-12-31 at 15:17 -0700, Ken godee wrote:
> >> IP address allocation needs to be done smarter so that geographical
> >> regions can be isolated easier. And at some point it probably will
> >> be.
> >
> > There already is that capability to some extent. Between geoip and
> > the RIR's, one can get a pretty good handle on which /8 or /16 blocks
> > need to be blocked at your firewall. In fact the linux based router's
> > we use have a specific "Country Blocking" feature which I use to
> > block large swathes of the Net from our systems.
> >
> 
> We've been thinking of using the MaxMind GeoIP Country database with 
> Apache mod_geoip API to limit certain countries visiting our websites.
> 
> Has anyone used this or have any input on it's usefulness?
----
totally works (maxmind/geoip - at least it did for me with a rubyonrails
app)

I wouldn't know how to use it for http blocking but it's probably
possible but it would seem to be far more effective at a firewall level.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.