
Comment by firesteelrain

7 months ago

I think they are suggesting the range of IPs to block is too high?

Allow -> Tarpit -> Block should be done by ASN

  • You probably want to check how many IPs/blocks a provider announces before blocking the entire thing.

    It's also not a common metric you can filter on in open firewalls since you must look up and maintain a cache of IP-to-ASN, which has to be evicted and updated as blocks still move around.
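
An added example, not part of the original comments: a sketch of the IP-to-ASN cache with expiry that the reply above describes, plus a check of how much address space an ASN announces before an ASN-wide rule is applied. The class name `AsnCache`, its methods and the prefix table are assumptions made for illustration; the prefixes and ASNs are constructed from documentation and private-use ranges.

```python
import ipaddress
import time

# Constructed sample of announced prefixes -> origin ASN (documentation ranges
# and private-use ASNs; a real table would come from a BGP/RIR data feed).
ANNOUNCED = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64500),
    ("203.0.113.0/25", 64501),
    ("2001:db8::/32", 64501),
]


class AsnCache:
    """IP-to-ASN lookups with per-entry expiry, since prefixes change origin."""

    def __init__(self, table, ttl=3600.0, clock=time.monotonic):
        self.ttl, self.clock, self._hits = ttl, clock, {}
        self.load(table)

    def load(self, table):
        # Replace the prefix table (e.g. after a feed refresh) and drop cached
        # answers, which may now point at the wrong origin.
        nets = [(ipaddress.ip_network(p), asn) for p, asn in table]
        # Longest prefix first so the most specific announcement wins.
        self.nets = sorted(nets, key=lambda n: n[0].prefixlen, reverse=True)
        self._hits.clear()

    def lookup(self, ip):
        now = self.clock()
        hit = self._hits.get(ip)
        if hit and hit[1] > now:
            return hit[0]  # still fresh, skip the table scan
        addr = ipaddress.ip_address(ip)
        asn = next((a for n, a in self.nets
                    if n.version == addr.version and addr in n), None)
        self._hits[ip] = (asn, now + self.ttl)  # unknown origins are cached too
        return asn

    def footprint(self, asn):
        # What an ASN-wide rule would cover: (prefix count, IPv4 addresses).
        mine = [n for n, a in self.nets if a == asn]
        v4 = sum(n.num_addresses for n in mine if n.version == 4)
        return len(mine), v4
```

The linear scan keeps the example short; a table of real size would use a radix trie for the longest-prefix match.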