(boston.conman.org)

597 points classichasclass | 1 comments | 25 Aug 25 04:23 UTC | HN request time: 0s | source

Show context

Etheryte ◴[25 Aug 25 05:39 UTC] No.45010574[source]▶

One starts to wonder, at what point might it be actually feasible to do it the other way around, by whitelisting IP ranges. I could see this happening as a community effort, similar to adblocker list curation etc.

replies(9): >>45010597 #>>45010603 #>>45010604 #>>45010611 #>>45010624 #>>45010757 #>>45010872 #>>45010910 #>>45010935 #

delusional ◴[25 Aug 25 05:50 UTC] No.45010624[source]▶

>>45010574 #

At that point it almost sounds like we're doing "peering" agreements at the IP level.

Would it make sense to have a class of ISPs that didn't peer with these "bad" network participants?

replies(2): >>45010659 #>>45010714 #

shortrounddev2 ◴[25 Aug 25 06:05 UTC] No.45010714[source]▶

>>45010624 #

Why not just ban all IP blocks assigned to cloud providers? Won't halt botnets but the IP range owned by AWS, GCP, etc is well known

replies(3): >>45011111 #>>45011141 #>>45011475 #

1. aorth ◴[25 Aug 25 08:10 UTC] No.45011475[source]▶

>>45010714 #

Tricky to get a list of all cloud providers, all their networks, and then there are cases like CATO Networks Ltd and ZScaler, which are apparently enterprise security products that route clients traffic through their clouds "for security".

↑

Ban me at the IP level if you don't like me