Hi Spiceheads,
I am a rookie with.. well, most things.. but our topic today is IP Blocking.
Tech: I am using a Cisco ASA5505 with a 'Block group' where I keep all of my 'Blocked network objects'. The 'Group' is restricted to all traffic. I also have a Barracuda Spam and Virus appliance, a Barracuda Web Filter and I use a software called SYSPEACE on our Terminal Server to block - and help me identify repeat 'attacks'.
In 24 hours, the ASA Block Group stopped 12,719 connections; (that might be on any port).
My Ban list has 81 objects which covers 362,159,764 IP addresses.
Some are single blocks - usually US addresses where I am concerned about blocking customers by mistake, others are large subnets from China, etc.. 255.0.0.0
How much is too much? Your thoughts?