Who needs foreign servers? Researchers say the USA is doing a fine job of harboring its own crimeware flingers A collection of servers found in the US are responsible for some of the nation's biggest malware and phishing attacks. This according to a report from security company Bromium, which said just over a dozen servers are being used to spread 10 of the major malware and phishing campaigns spreading around the internet at the …
Even just monitoring the 404 logs of a small website will tell you that a substantial number of scripted attacks come from the US, so I'm not surprised.
In addition, all it takes is someone hiring a web platform and using it as their private proxy, or use a VPN.
I just wish I had a list of all hosting provider IP addresses (especially OVH), because I'd block them all. There are no genuine users to be found on hosted servers, so they will clearly not be an audience. Furthermore, in some 20 years of running websites, I have as yet to see a single visit from a Tor node that wasn't trying to breach the site, so you don't have to worry you exclude customers if you filter those out too.
While I understand the reasons for blocking incoming datacentre traffic, it's quite annoying for VPN users but luckily only a few sites block by ASN or netblock. Saying that, I don't take down the VPN to access those few sites or create static routes so they just lose me as a visitor.
Since the UK decided that every network connection will be logged for a year in the form of ICR's (Internet connection record) and that everyone and their dog (Scottish and Welsh ambulance service, local councils, food standards agency among others...) can access your viewing + whatever protocol usage, many now live behind a VPN to regain some sort of privacy from big brother. Now we have some admins punishing us for that.
DRM and geofencing forced on media streaming providers means amazon now wont work if your IP resolves to a VPN provider name, despite the tv knowing it's proper location due to the tv signals its getting. Makes the service unusable so amazon loses a customer.
Needs to be a better way to keep privacy without being blocked by overzealous blocking.
Blocking Tor and providers of hosting services or VPS simply breaks your service for people trying to use those services for security or privacy reasons. For example, I have a VPN endpoint which goes to a provider of VPS services. I'm sure that there are malicious people renting space there as well, and I'm also sure that they would be taken down if they could be identified, because it has happened before. If you block my connection into your system, you will lose me as a customer. I need the VPN's services at various points. How would you suggest that I get a VPN operating that your oversimplified security policy won't block?
The overwhelming majority of traffic that we see from TOR exit nodes is malicious, and I wouldn't be doing my job properly if I just let it continue to fill up the logs, just on the off-chance that there might be the occasional legitimate user, so we block them.
We don't, yet, block most VPS endpoints, but that's because the malicious traffic is quite low from them. If it increased to silly levels, I'd block them too.
Don't misunderstand: we don't deliberately go and get a list of TOR exit nodes and pre-emptively block them all at once, but we run fail2ban, and other commercial IDP products, and we just regularly review the lists of blocked IPs, but it soon becomes apparent that a lot of them are TOR nodes.
"The usage of TOR or VPS services from within my corporate network would be cause for termination."
Inside a corporate network is where you don't need them. The corporate has the resources to create VPNs for the users that are not on the network, and there is no need for user privacy on corporate machines. If you read the posts that I replied to, they are discussing blocking access to public-facing services from large ranges of addresses because a hosting provider, which usually includes a VPS provider, is using them. Not because there is any active traffic coming from the entire range, but just because it could.
They are not asking to do it properly, like another poster here suggested: "run fail2ban, and other commercial IDP products, and we just regularly review the lists of blocked IPs". They are suggesting that they simply obtain all the ranges that someone can buy and block them. I would like them to know that there is a reason for legitimate traffic to come from those, and also that if this is their cunning plan to quash security threats, it will be ineffective because an attack can come from any set of IPs.
In practice, I care a lot less about blocking Tor than I do about blocking VPS systems. Tor is rarely used by legitimate users to access the standard internet except to circumvent censorship, and we can ensure that whatever systems are being accessed in that realm know not to block it. However, I don't want my traffic or system to be considered suspect just because I don't have my own IP address range.
Totally agree on all VPS hosting ranges, but Tor Exit nodes I tend to still leave open.
Sure they do tend to the malicious end of the usage spectrum, but to me it's more of a principle to maintain availability via Tor.
I've been in situations before where Tor is the only good option to do something, but am fundamentally unable to, due widesweeping blocks like that. Wasn't a happy camper, so I try to pay it forward.
You save money: you cannot trial them so you do not have to worry about the huge expenses of conducting an investigation, a trial and maintaining jails for the wrongdoers.
It is good politics to be able to name and shame an enemy.
You can reinforce the idea of fear, see all those threats coming from outside, lets build a wall.
Cloudfront
Namecheap
GoogleUserContent
PerfectPrivacy
and yes, I have been seing more and more crap from "OVH" recently as others have mentioned.
Ususually in obfuscated hex format on hijacked sites.
(But they are served from France so not really part of this article)
Not sure why this "research" doesn't name and shame?
(Please add to this list)
This article seems to suggest that the responsibility for all the disasters which have struck the United States may be due to forces in that country. But all we who read the newspapers know that, e g, it was those dastardly Russians who placed Mr Trump in the Oval Office, and those nefarious Chinese who have de-industrialised the United States ; the good people running that country had nothing whatever to do with it....
Henri
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
