Re: [nznog] Help block out China please.

A story along a similar line that reinforces this view: I put a phone on public IP space a few weeks back, then got sidetracked while configuring it. Before I had even returned to enter a new admin password and the correct SIP details (only 1/2hr later!), the phone had already been attempting to dial out on it's own. Turns out a robot had found it on it's public IP with port 80 open and started issuing it dial commands before I even had a chance to go about locking it down. It was unable to dial out as it hadn't had the correct SIP server or login details configured, but it just goes to show that the device really need to be locked down _before_ being put on any publicly accessible IP space, even if just for provisioning purposes! Pete On 8/12/2013, at 3:17 PM, "Dobbins, Roland" wrote:

On Dec 8, 2013, at 8:46 AM, Don Gould wrote:

...

Clearly you can't even put a quick and dirty box in place to just prove a concept without having to bolt it down.

Correct - it simply isn't viable to expose an unpatched/unsecured box to the Internet at all, due to all the automated scanning/hacking activities taking place.

+1 to the other folks who recommended more workable solutions - 'GeoIP' isn't exact at all, and not all bad nodes (of any nationality) are in China.

Roland Dobbins