We blocked incoming connections from every IP associated with these ASNs.
These companies are either knowingly, or unknowingly renting their services to foreign hackers, or have been breached themselves and are being used to bypass geo-fencing.
8100 - QuadraNet
9009 - M247
11878 - Tzulo
13213 - UK2.net
46475 - Limestone Networks
46562 - Performive
60068 - CDN77
199218 - Proton VPN
203020 - HostRoyale
204957 - GREEN FLOID LLC
212238 - Datacamp Limited
216419 - Matrix Telecom Solutions
This just in: Geo blocking isnt all its cracked up to be and hosting providers services sometimes get used for nefariouis purposes!
Enjoy your endless game of whack-a-mole and the extra tickets you are going to get now when some remote worker turns up on an ISP that uses one of these providers.
FWIW Performive is used by Private Internet Access VPN. Maybe you’ll catch some remote worker masking their location with a GL.iNET router and WireGuard.
Jesus - UK2.net - they’ve been around since forever. IIRC they were cheap and you got exactly what you paid for…
EDIT: Was trying to remember what made them special, then the gears turned - IIRC it was set up by Bo Bendtsen, him of the Terminate DOS terminal emulator, and more recently Just Eat. 
First time lifting the curtain in front of “the internet?” This “solution” is the equivalent of burning your house down because you found a spider inside.
Yeah, users shouldn’t be connecting from these kinds of odd hosting companies. Block ‘em I say!
You need to block Azure cloud also… I hear a lot of hackers are using that service or took control of sites using that service via their leet skills.
Geoblocking ranges from pretty useful in blocking low effort attacks by blocking incoming connections from China, India, USA, Brazil and Russia. To somewhat useful when blocking incoming connections except from whitelisted countries.
But really, it’s a slice with pretty big holes on the swiss cheese method to security. Main win it’s efficiency of resources.
Additionally, anything that it’s not a webpage should block access to IPs from VPN providers.
I just made the list available to anyone that wants it, and did this after discussion with the owner of our company.
You can keep your snarky comments to yourself.
Been in IT for 24 years now. So no.
Unfortunately, since companies won’t take action against abuse complaints, steps have to be taken.
It’s our company’s responsibility to protect our systems, and our customer’s data.
You sound really new at this.
Why’s that?
Because I don’t want to only rely solely on tools like MFA, and prefer back those tools up with policies to block known threat actors?
Or because I expect companies to do what I would do in their place and investigate reports that their systems are being abused for malicious purposes?