←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 1 comments | 25 Aug 25 04:23 UTC | HN request time: 0.202s | source
Show context
lwansbrough ◴[25 Aug 25 05:55 UTC] No.45010657[source]
We solved a lot of our problems by blocking all Chinese ASNs. Admittedly, not the friendliest solution, but there were so many issues originating from Chinese clients that it was easier to just ban the entire country.

It's not like we can capitalize on commerce in China anyway, so I think it's a fairly pragmatic approach.

replies(6): >>45010748 #>>45010787 #>>45010871 #>>45011590 #>>45011656 #>>45011732 #
sugarpimpdorsey ◴[25 Aug 25 06:18 UTC] No.45010787[source]
There's some weird ones you'd never think of that originate an inordinate amount of bad traffic. Like Seychelles. A tiny little island nation in the middle of the ocean inhabited by... bots apparently? Cyprus is another one.

Re: China, their cloud services seem to stretch to Singapore and beyond. I had to blacklist all of Alibaba Cloud and Tencent and the ASNs stretched well beyond PRC borders.

replies(5): >>45010898 #>>45010946 #>>45011282 #>>45011573 #>>45014393 #
grandinj ◴[25 Aug 25 06:41 UTC] No.45010946[source]
There is a Chinese player that has taken effective control of various internet-related entities in the Seychelles. Various ongoing court-cases currently.

So the seychelles traffic is likely really disguised chinese traffic.

replies(6): >>45011312 #>>45011474 #>>45011525 #>>45011718 #>>45011852 #>>45014132 #
sylware ◴[25 Aug 25 09:12 UTC] No.45011852[source]
I forgot about that: all the nice game binaries from them running directly on nearly all systems...
replies(1): >>45013273 #
lukan ◴[25 Aug 25 12:49 UTC] No.45013273[source]
Huh? Who is them in this case?
replies(1): >>45018669 #
ronsor ◴[25 Aug 25 20:35 UTC] No.45018669[source]
They're referring to the fact that Chinese game companies (Tencent, Riot through Tencent, etc.) all have executables of varying levels of suspicion (i.e. anti-cheat modules) running in the background on player computers.

Then they're making the claim that those binaries have botnet functionality.

replies(1): >>45037209 #
1. sylware ◴[27 Aug 25 09:21 UTC] No.45037209[source]
They can exploit local priviledge escalation flaws without "RCE".

And you are right, kernel anti-cheat are rumored to be weaponized by hackers, and making the previous even worse.

And when the kid is playing his/her game at home, if daddy or mummy is a person of interest, they are already on the home LAN...

Well, you get the picture: nowhere to run, orders of magnitude worse than it was before.

Nowadays, the only level of protection the administrator/root access rights give you, is to mitigate any user mistake which would break his/her system... sad...