1 |
On Thu, Oct 05, 2017 at 10:35:43AM +0100, Mick wrote |
2 |
|
3 |
> There are a few problems with this approach: |
4 |
> |
5 |
> As it has already been mentioned, the Chinese, Ukrainian, et al. IP |
6 |
> address blocks change on an hourly basis. |
7 |
|
8 |
Huh?!? The subdomain names, maybe; but not the country IP address |
9 |
range. The whole point of this thread is about blocking by IP address, |
10 |
not by ineffective hosts files. |
11 |
|
12 |
> With spammers using DNS forwarding you will need to start blocking |
13 |
> US, Netherlands, etc. based ISPs, CDNs and cloud hosters. |
14 |
|
15 |
I'll start off with /32's. Contiguous addresses will get aggregated |
16 |
into /31 and larger blocks over time. |
17 |
|
18 |
> However, you may still want to receive some of these hosters content - |
19 |
> non-malicious and non-advert related web pages. |
20 |
> |
21 |
> Some web page scripts rely on acknowledgment/interaction with servers |
22 |
> proxied on some of the addresses you could have blocked. As a result |
23 |
> web pages hang and never complete loading, forms are broken, clicking |
24 |
> on buttons do not yield a result. In other words, you could break |
25 |
> the interwebs and your browsing experience along with it. |
26 |
|
27 |
This battle has already been fought on the spam email front. Some |
28 |
greedy ISPs decided to make extra money by taking on egregious spammers |
29 |
and using legitimate customers as "human shields". That didn't work. |
30 |
|
31 |
-- |
32 |
Walter Dnes <waltdnes@××××××××.org> |
33 |
I don't run "desktop environments"; I run useful applications |