1 |
On Wednesday, 4 October 2017 23:49:30 BST mad.scientist.at.large@××××××××.com |
2 |
wrote: |
3 |
> I have to disagree with the last post. You should most certainly block some |
4 |
> inbound traffic. you should block ports you aren't using. If some ip |
5 |
> addr. or particular provider have a customer trying to break your' machine |
6 |
> you want to block the whole isp unless you are serving pages etc. you |
7 |
> should block the router solicitation and block any other routers |
8 |
> advertising them. i usually also block ping both ways. Every major |
9 |
> program is full of bugs, you want to try to limit the access of others to |
10 |
> the least amount possible consistent with the net software you are |
11 |
> running. |
12 |
> |
13 |
> Long ago i had all of china blocked, because i wasn't visiting sites there |
14 |
> and it was where most of the attacks came from. When you have a "slow" or |
15 |
> very busy connection to the net the incursion atempts. |
16 |
|
17 |
There are a few problems with this approach: |
18 |
|
19 |
As it has already been mentioned, the Chinese, Ukrainian, et al. IP address |
20 |
blocks change on an hourly basis. |
21 |
|
22 |
With spammers using DNS forwarding you will need to start blocking US, |
23 |
Netherlands, etc. based ISPs, CDNs and cloud hosters. However, you may still |
24 |
want to receive some of these hosters content - non-malicious and non-advert |
25 |
related web pages. |
26 |
|
27 |
Some web page scripts rely on acknowledgment/interaction with servers proxied |
28 |
on some of the addresses you could have blocked. As a result web pages hang |
29 |
and never complete loading, forms are broken, clicking on buttons do not yield |
30 |
a result. In other words, you could break the interwebs and your browsing |
31 |
experience along with it. |
32 |
|
33 |
|
34 |
> While not security related directly, i also like to ban the ip addr of ad |
35 |
> bots, i suspect that when they change their' domain name or buy a new one, |
36 |
> that the ad company doesn't get a new ip addr range. |
37 |
|
38 |
Nope, the IP addresses of these change too. They are cloud hosted too, |
39 |
geographically dispersed, load balanced and change all the time. |
40 |
|
41 |
|
42 |
> this are the servers |
43 |
> that are most overloaded and slowest, slowing down page loads. You could |
44 |
> even consider that this slowness from ad servers produces a DOS, assuming |
45 |
> you don't want the information and didn't ask for it. now i just try to |
46 |
> block the obnoxious advertisers, the people who at 3 AM will shove audio to |
47 |
> you that's louder than the music you were/are playing. -- |
48 |
> "Informed delivery" is just an excuse for the post office to compile data |
49 |
> basses for sale to marketing firms and those even less reputable, it is a |
50 |
> gross abuse of the postal systems special access to our lives. |
51 |
|
52 |
If blocking this kind of content is for web browsing purposes only, blocking |
53 |
adverts can be quite effectively achieved by using browser add ons like |
54 |
'Ublock Origin'. |
55 |
|
56 |
-- |
57 |
Regards, |
58 |
Mick |