nanog mailing list archives
Re: Netblock reassigned from Chile to US ISP...
From: "James Hess" <mysidia () gmail com>
Date: Sat, 13 Dec 2008 02:22:01 -0600
On 08.12.13 09:33, Tomas L. Byrnes wrote:anyone with half a brain blocks proxies from their e-commerce site.can you know at a reasonable confidence level that it's a proxy?Give me an IP address (privately, of course). I can tell you if it is, with consult from other colleagues in the security community. That's almost a no-brainer.
Oh, but can you tell if an IP address is a compromised workstation or host of a VPN application that only allows the proxy access to the intruder? Not all proxies are plainly visible. Geography of an IP address can be a useful heuristic to assist detection, when most transactions attempted from certain regions are bad; esp. when combined with other factors This is a strategy well-known to be probalistic, and thus imperfect (not every fraud attempt will be noticed by a detector, and there will be false positives, but probably very few in relation to the total transaction throughput of say a large online retailer). E-mail spam filters use imperfect methods like this all the time; there is no magic check to prove a message spam or not spam. Instead, _many_ randomized spam checks are strung in sequence for the same message. And if any one or two checks fail, filters drop the message. A successful message (or E-commerce transaction) is one that clears substantially all spam/ fraud checks. An in-depth strategy with hundreds or thousands of factors examined results in a smaller (but still present) possibility of the filter/detector being fooled. IP-based methods can be combined with the other stronger analysis of transaction details and other info that can be gathered about a submitter for detection of attempted abuse. -- -J
Current thread:
- Re: Netblock reassigned from Chile to US ISP..., (continued)
- Re: Netblock reassigned from Chile to US ISP... Owen DeLong (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Martin List-Petersen (Dec 12)
- RE: Netblock reassigned from Chile to US ISP... Tomas L. Byrnes (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Martin Hannigan (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Randy Bush (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Paul Ferguson (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Randy Bush (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Paul Ferguson (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Randy Bush (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Paul Ferguson (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... James Hess (Dec 13)
- Re: Netblock reassigned from Chile to US ISP... Steven M. Bellovin (Dec 13)
- Re: Netblock reassigned from Chile to US ISP... Andy Davidson (Dec 13)
- Re: Netblock reassigned from Chile to US ISP... Martin List-Petersen (Dec 12)
- RE: Netblock reassigned from Chile to US ISP... Tomas L. Byrnes (Dec 12)
- Re: Netblock reassigned from Chile to US ISP... Stephane Bortzmeyer (Dec 15)