After having a user email account compromised and our mailserver used to dish spam for a few hours, I am going ahead and starting to block outright the China IP addresses that are attacking us. This doesn’t solve the issue, but I am kind of done now with even negotiating and rejecting attack traffic at our servers that originates from China. Blocking ranges that attack us is an intermediate step for me. I don’t want to just block China outright; at this point, I know it wouldn’t solve the issue, but it also really couldn’t hurt either. This is not what the internet is supposed to be about, but sadly, it has come to this. I am blocking them inbound at my network level.
If you are going down this road as well, IP2CIDR is a helpful site to use after you get the ranges detailed via whois. When you take the next step and start blocking countries entirely, CIPB is the resource for you. Here are my first few entries from China.
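The range-to-CIDR step mentioned above (turning the start and end addresses that whois reports into CIDR blocks, as IP2CIDR does), as an added example that is not part of the original post and not the author's entries. The whois excerpt is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed whois excerpt using documentation ranges (RFC 5737),
# not real attack sources and not the author's block list.
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET-1
inetnum:        198.51.100.10 - 198.51.100.37
netname:        EXAMPLE-NET-2
NetRange:       203.0.113.0 - 203.0.113.127
inetnum:        203.0.113.128 - 203.0.113.255
"""

# Registries label the range either "inetnum" or "NetRange".
RANGE_RE = re.compile(
    r"^(?:inetnum|NetRange):\s*(\S+)\s*-\s*(\S+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def whois_ranges(text):
    """Yield (first, last) IPv4Address pairs from inetnum/NetRange lines."""
    for first, last in RANGE_RE.findall(text):
        try:
            a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        except ipaddress.AddressValueError:
            continue  # skip malformed lines rather than guess at them
        if a <= b:  # ignore reversed ranges
            yield a, b


def ranges_to_cidrs(text):
    """Convert each whois range to its minimal CIDR set, then merge neighbours."""
    nets = []
    for a, b in whois_ranges(text):
        # A range that is not aligned to a power of two needs several CIDRs.
        nets.extend(ipaddress.summarize_address_range(a, b))
    # Adjacent or overlapping blocks collapse into one larger block.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for cidr in ranges_to_cidrs(SAMPLE_WHOIS):
        print(cidr)
```

The unaligned range in the sample expands to five blocks, while the two adjacent /25 ranges merge into a single /24, which keeps the resulting block list short.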