| 1 |
On Thu, Oct 05, 2017 at 10:35:43AM +0100, Mick wrote |
| 2 |
|
| 3 |
> There are a few problems with this approach: |
| 4 |
> |
| 5 |
> As it has already been mentioned, the Chinese, Ukrainian, et al. IP |
| 6 |
> address blocks change on an hourly basis. |
| 7 |
|
| 8 |
Huh?!? The subdomain names, maybe; but not the country IP address |
| 9 |
range. The whole point of this thread is about blocking by IP address, |
| 10 |
not by ineffective hosts files. |
| 11 |
|
| 12 |
> With spammers using DNS forwarding you will need to start blocking |
| 13 |
> US, Netherlands, etc. based ISPs, CDNs and cloud hosters. |
| 14 |
|
| 15 |
I'll start off with /32's. Contiguous addresses will get aggregated |
| 16 |
into /31 and larger blocks over time. |
| 17 |
|
| 18 |
> However, you may still want to receive some of these hosters content - |
| 19 |
> non-malicious and non-advert related web pages. |
| 20 |
> |
| 21 |
> Some web page scripts rely on acknowledgment/interaction with servers |
| 22 |
> proxied on some of the addresses you could have blocked. As a result |
| 23 |
> web pages hang and never complete loading, forms are broken, clicking |
| 24 |
> on buttons do not yield a result. In other words, you could break |
| 25 |
> the interwebs and your browsing experience along with it. |
| 26 |
|
| 27 |
This battle has already been fought on the spam email front. Some |
| 28 |
greedy ISPs decided to make extra money by taking on egregious spammers |
| 29 |
and using legitimate customers as "human shields". That didn't work. |
| 30 |
|
| 31 |
-- |
| 32 |
Walter Dnes <waltdnes@××××××××.org> |
| 33 |
I don't run "desktop environments"; I run useful applications |
Archives