| 1 |
On Wednesday, 4 October 2017 23:49:30 BST mad.scientist.at.large@××××××××.com |
| 2 |
wrote: |
| 3 |
> I have to disagree with the last post. You should most certainly block some |
| 4 |
> inbound traffic. you should block ports you aren't using. If some ip |
| 5 |
> addr. or particular provider have a customer trying to break your' machine |
| 6 |
> you want to block the whole isp unless you are serving pages etc. you |
| 7 |
> should block the router solicitation and block any other routers |
| 8 |
> advertising them. i usually also block ping both ways. Every major |
| 9 |
> program is full of bugs, you want to try to limit the access of others to |
| 10 |
> the least amount possible consistent with the net software you are |
| 11 |
> running. |
| 12 |
> |
| 13 |
> Long ago i had all of china blocked, because i wasn't visiting sites there |
| 14 |
> and it was where most of the attacks came from. When you have a "slow" or |
| 15 |
> very busy connection to the net the incursion atempts. |
| 16 |
|
| 17 |
There are a few problems with this approach: |
| 18 |
|
| 19 |
As it has already been mentioned, the Chinese, Ukrainian, et al. IP address |
| 20 |
blocks change on an hourly basis. |
| 21 |
|
| 22 |
With spammers using DNS forwarding you will need to start blocking US, |
| 23 |
Netherlands, etc. based ISPs, CDNs and cloud hosters. However, you may still |
| 24 |
want to receive some of these hosters content - non-malicious and non-advert |
| 25 |
related web pages. |
| 26 |
|
| 27 |
Some web page scripts rely on acknowledgment/interaction with servers proxied |
| 28 |
on some of the addresses you could have blocked. As a result web pages hang |
| 29 |
and never complete loading, forms are broken, clicking on buttons do not yield |
| 30 |
a result. In other words, you could break the interwebs and your browsing |
| 31 |
experience along with it. |
| 32 |
|
| 33 |
|
| 34 |
> While not security related directly, i also like to ban the ip addr of ad |
| 35 |
> bots, i suspect that when they change their' domain name or buy a new one, |
| 36 |
> that the ad company doesn't get a new ip addr range. |
| 37 |
|
| 38 |
Nope, the IP addresses of these change too. They are cloud hosted too, |
| 39 |
geographically dispersed, load balanced and change all the time. |
| 40 |
|
| 41 |
|
| 42 |
> this are the servers |
| 43 |
> that are most overloaded and slowest, slowing down page loads. You could |
| 44 |
> even consider that this slowness from ad servers produces a DOS, assuming |
| 45 |
> you don't want the information and didn't ask for it. now i just try to |
| 46 |
> block the obnoxious advertisers, the people who at 3 AM will shove audio to |
| 47 |
> you that's louder than the music you were/are playing. -- |
| 48 |
> "Informed delivery" is just an excuse for the post office to compile data |
| 49 |
> basses for sale to marketing firms and those even less reputable, it is a |
| 50 |
> gross abuse of the postal systems special access to our lives. |
| 51 |
|
| 52 |
If blocking this kind of content is for web browsing purposes only, blocking |
| 53 |
adverts can be quite effectively achieved by using browser add ons like |
| 54 |
'Ublock Origin'. |
| 55 |
|
| 56 |
-- |
| 57 |
Regards, |
| 58 |
Mick |
Archives