[BC] ANI Faking --and-- IP address blocking

Cowboy curt at spam-o-matic.net
Mon May 12 05:53:40 CDT 2008


On Sunday 11 May 2008 07:16 pm, Tom wrote:
>  Query?
>  
>  Most wanted traffic on THIS end is from STATIC IPs; otherwise, it'd be 
>  kinda hard for Domain Name Servers to interpret something like 
>  radioxtz.com as 207.69.188.186

 May I refer you to an idea such as dyndns.com , or no-ip.com ?

>  And with cable/DSL, most theoretically "dynamic" IPs are, for all 
>  practical purposes, static.

 This would be the basic flaw in that reasoning.
 Dynamic, by definition, is not static, for practical purposes or otherwise.
 If you're talking time frames measured in increments no greater than minutes,
 I *might* agree with you, dynamically, but too often have I seen permanent
 solutions to temporary problems.

>  OTOH, I can input the name, rather than the IP number, to the whitelist 
>  in my firewall, and let Brighthouse/Roadrunner/Earthlink/Mindspring's 
>  DNS figure it out ...  need a baby detector before throwing out the 
>  bathwater, obviously.

 This might work in theory, but in the real world it fails with enough
 regularity to be the exception rather than the norm.
 An exception does not prove a rule.

On Sunday 11 May 2008 07:04 pm, Craig Healy wrote:
>  >  Since most wanted traffic originates from dynamic IP's, and nearly all
>  >  unwanted traffic originates from dynamic IP's, you can not in any
>  >  practical way, keep the baby should you choose to implement such a
>  >  flawed idea in the first place.
>  
>  What if you simply don't care about anything that comes from China?  For
>  example, 210.xxx.xxx.xxx 211.xxx.xxx.xxx 219.xxx.xxx.xxx 220.xxx.xxx.xxx and
>  221.xxx.xxx.xxx all seem to be assigned to China.  If I block those, why
>  would I care?  Dynamic addresses still are included within assigned blocks.
>  All the more reason to block groups instead of individual addresses.

 The more reason for an effective and properly implemented filtering system,
 which will not include on-line black lists, nor IP blocking of any kind. ( with
 incredibly few exceptions )
 Until such time as one can point to an official IANA or ICANN document stating
 that ANY IP is always assigned to some country, your premise is based entirely
 on that one word "seems" which is a VERY dangerous assumption.
 A better assumption would be that your assumption has already failed, but
 you have blocked any attempt to let you know about it.

>  Right now at another place I block any incoming email to two domains from
>  those IP addresses, plus some other questionable ones.  In the several years
>  I've done that, not once has there been a problem.

 Again flawed logic.
 It would be acceptable to state "Not once have we been made aware of a
 problem" with the understanding that you have also blocked ALL
 attempts to notify you of a problem, perhaps a serious one.

>  What would be good would be to set the router to do that instead of two
>  steps later on an email filter.  And it would also block a good percentage
>  of hack attacks.
>  
>  To be honest, this client would prefer to just whitelist US and probably
>  Canadian addresses, and some Europeans and Australians as well.  Block the
>  rest of the world.
>  
>  Why is it flawed to block a range of addresses from which most of the spam
>  and attacks originate?  Seriously, if there is some plausible reason I'll
>  bring it to this client and try to convince them.

 Let's see......
 Nearly all terrorists are male and between the ages of 18 and 40.
 Therefore, we assume that ALL males between the ages of 18 and 40 are
 terrorists, and execute them on sight.

 This is called "inductive reasoning" and was taught to be a bad idea
 about second or third grade, and why.

 Of course, that *was* before "New Math."      :)

>  For what it's worth, the particular SMTP server I use at one location
>  requires all email addresses to be configured.  If an address isn't found,
>  it refuses the mail.  Approximately 98% of the incoming mail is blocked,
>  according to the logs.  All spam.

 This was tried by some of the major ISP's for a while, and was such a miserable
 failure I'm pretty sure no one of any repute uses it today.

 With my above example, it should be painfully obvious why this is
 a really bad idea. It can get worse. Some will again assume that merely 
 adding a bit more criteria will suffice.
 OK.
 Nearly all terrorists are male and between the ages of 18 and 40, and Arab.
 Therefore, we assume that ALL Arab males between the ages of 18 and 40 are
 terrorists, and execute them on sight.

 This will eliminate 98% of the terrorist problem, but still leave the IRA.
 OK.
 Nearly all terrorists are male and between the ages of 18 and 40, and Arab OR Irish.
 Therefore, we assume that ALL Arab and Irish males between the ages of 18 and 40
 are terrorists, and execute them on sight.

 Can you see where this is going ?
 I merely point out that the basis for this kind of logic is flawed.
 Until you can fix the basis, you can not fix the outcome.
 There is no good way to implement a bad idea.

 While it *may* be true that 10 million monkeys banging on typewriter keyboards
 for 10 million years *may* produce the works of Shakespeare at some point,
 The likelihood that GIGO, is a much safer assumption.

-- 
Cowboy



