Host and Network Blocks
Hosts and/or networks who have been confirmed to be involved in direct attacks on our network have their IP addresses blocked at our exterior firewall. These blocks apply to ALL protocols and completely isolate these hostile hosts / networks from connecting to ANY Jade Service. There are no current automated mechanisms in place to remove addresses once they make it on this list. We are working on integrating our SIEM solution with the Jade Security Framework in a way that will permit the automated addition and removal of blocks (and provide a recorded history for all attacks) but this is not yet in place. For now any insertion into the host or network block lists are considered permanent, at least until such time as they are manually removed.
Confirmed network attacks on our network result in the inclusion on the host based IP block list. We attempt to verify the originating IP address and do not include IP addresses of attacks that can easily be spoofed. From time to time we go through this list manually looking for patterns. In particular we look for networks with an unusually high number of hosts on our host IP block lists. If the percentage is what we believe to be unusually high, or if the originating network is one that we have other reason to believe to be hostile, we then manually add the entire offending network block to our network based IP block list.
We used to publish the host name network IP block lists but no longer do this after upgrading to the new Jade Security Framework. The new framework allows us to easily integrate router security management into our SIEM as well as other automation tools, making block insertion or removal very simple and quick. This in time will result in the block lists becoming far more dynamic than they are now, making public listing problematic. If you are having difficulties in connecting to the Jade network, you may have ended up on one of these IP block lists.
If you believe your network or address is improperly listed please let us know. Procedures for removal from the various lists can be found in our Sitewide Block Removal Procedures document.