On blocking access from large IP ranges

September 1, 2005

The Register recently republished a SecurityFocus article by Scott Granneman, called On blocking Chinese IP addresses, discussing the implications of blocking essentially all of China from accessing a web host due to the number of spam attacks from Chinese networks.

In the course of the article, Mr Granneman asks:

Here's a good question. What needs to come first: the needs of the web servers my friends run, or the needs of a guy sitting in Shanghai that wants to view the content of that web site?

In my opinion the answer is clear: the needs of your users come first. As for why, let me quote from the SAGE Code of Ethics:

  • I will design and maintain each system in a manner to support the purpose of the system to the organization.

What they said. My duty lies first to my own users, and only second to anyone else.

An open Internet is a great thing, and it would be nice to have one. But it is now less and less compatible with running systems that are useful to their users. I hate firewalling off large chunks of the net from our mailer, but I would hurt even more from our users fleeing email because of spam. And so I firewall.

Sorry, unnamed person in Shanghai. And I know that undoubtedly sounds cold to those who I am leaving out in the cold.

Written on 01 September 2005.
« LILO vs GRUB: why LILO still wins for servers
The 'Trade Press' and blogs »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Sep 1 00:30:59 2005
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.