On blocking access from large IP ranges
The Register recently republished a SecurityFocus article by Scott Granneman, called "On blocking Chinese IP addresses", discussing the implications of blocking essentially all of China from accessing a web host due to the number of spam attacks from Chinese networks.
In the course of the article, Mr Granneman asks:
Here's a good question. What needs to come first: the needs of the web servers my friends run, or the needs of a guy sitting in Shanghai that wants to view the content of that web site?
In my opinion the answer is clear: the needs of your users come first. As for why, let me quote from the SAGE Code of Ethics:
- I will design and maintain each system in a manner to support the purpose of the system to the organization.
What they said. My duty lies first to my own users, and only second to anyone else.
An open Internet is a great thing, and it would be nice to have one. But it is now less and less compatible with running systems that are useful to their users. I hate firewalling off large chunks of the net from our mailer, but I would hurt even more from our users fleeing email because of spam. And so I firewall.
Sorry, unnamed person in Shanghai. And I know that undoubtedly sounds cold to those who I am leaving out in the cold.