1

How often do country IP address ranges change?

I get a lot of notifications about failed login via Wordpress or SSH. It's very hard to ban every single IP address, so I wrote a script to block single IP addresses and IP ranges. But I never reset my firewall. Is it possible that an IP address known as an Algerian will become a German IP address sometime? How often should I reset my firewall to load a new set of IP addresses?

Fail2ban avoids a lot after the 2nd or 3rd try but I want to block some countries completely.

My website is aimed at Central European customers and the most of the bots come from e.g. China, Brasilia, Algeria and so on. I want to block such countries completely.

Thanks

user3646958
  • 19
  • 1

2 Answers2

1

Country-IP relationships should be fairly stable, because the pool of IPv4 addresses is officially depleted, which means the RIRs are no longer allocating new blocks. But private transfers (purchases) of IP blocks take place on the occasion.

If you have IPv6 traffic, that's something to be considered differently. In theory, huge batches of new addresses can be added every day.

The RIRs provide some lists that can assist you, for example from RIPE: ftp://ftp.ripe.net/ripe/ipmap/

and others like ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest (from: ftp://ftp.ripe.net/pub/stats/ripencc/)

The other RIRs provide more or less the same types of file. They will require a bit of parsing using a script, but you can build your own IP/country lists.

Kate
  • 487
  • 3
  • 8
1

The commonly used GeoIP2 database publishes monthly updates. So on that somewhat unscientific benchmark: IP address assignment is not completely static.

Their monthly diff should give you an insight in how much actually changes month over month https://dev.maxmind.com/geoip/geoip2/release-notes/

Bob
  • 5,805
  • 7
  • 25