Originally posted by silentcreek
View Post
Announcement
Collapse
No announcement yet.
Netfilter Releases Nftables 1.0
Collapse
X
-
-
Originally posted by sdack View PostJust like when black people get frisked is it not racism, because it is not them who get searched, but it is their cars and their clothing that get searched, right?!?
Originally posted by sdack View PostYou ignorance is f'cking pathetic! Racists like you always come up with reasons and justifications for why they believe it is ok what they do.
Originally posted by sdack View PostIt is racism not because you block packets, networks, computers or locations, but because you block the people behind it.
But it appears to me that you simply don't want to understand any standpoint but your own. And that's okay. I won't try to convince you. As far as you're concerned, I'm out of this discussion.
Leave a comment:
-
Originally posted by sdack View PostReally? I did not expect this to be question... Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously. Maybe you are thinking of racism in terms of racial differences, because of the word racism, but it means certainly more than this. Hope this helps, but if not then look it up or google it.
I live in South Africa and I get blocked by services once in a blue moon, but I think it's just bad routing tables from ISPs (locally and internationally). There's obviously also content based blocks from services like Youtube or Netflix but that's just licensing related. I've never needed any services that blindly block the entire Africa, it's probably a bad service anyway xD.
IMO organisational/community maintained dynamic blocklists are much better than blindly blocking specific region. Yet I can see how someone can get annoyed by lack of action from authority in countries like Russia and China. You're right it's not always people form that region that are malicious but it's because the governing bodies don't care about the malicious activities that creates a safe environment for the criminals. We have seen some funny tactics directly related to this behavior: https://www.schneier.com/blog/archiv...ansomware.html but I digress. Communication is important and we need to give our friends in Russia, China (and other areas that creates safe areas for bad actors) access to our services. Forcing people to use a VPN to access a public service is very bad IMO.
- Likes 1
Leave a comment:
-
Originally posted by silentcreek View PostCome on, this is beyond silly.
You're mixing up race/nationality/etc. with location. This is not necessarily the same. ...
It is racism not because you block packets, networks, computers or locations, but because you block the people behind it. When you then understand how geoblocking has little impact on security, but you do it anyway, perhaps because you think less of them, then you are a dumb racist from head to toe.
Leave a comment:
-
Originally posted by sdack View PostRacism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously.
You're mixing up race/nationality/etc. with location. This is not necessarily the same. Take this scenario for example: If I ran a VPN server in Switzerland and knew that all my endpoints which legitimately connect to the server are also located in Switzerland (but don't know their IP because home users in Europe usually get dynamically assigned addresses) then blocking all traffic from outside of Switzerland isn't racism because I don't block them for not being Swiss, caucasian, christian or what not – but merely because of their apparent location. I'm not arguing that this improves security in any way (but it might help to reduce the log clutter and help you see the more interesting stuff). And I'm not arguing that geoblocking can't be circumvented or is always accurate (which is why I prefer not to use it). But arguing that someone is racist simply because they use geoblocking is just wrong (even though some people might use it with racist intentions).
Leave a comment:
-
Originally posted by Jabberwocky View PostI can see how geoblocking is discriminating but how is it racism?
Leave a comment:
-
Originally posted by sdack View Post
You believe anybody cares who you vote for? Not even bashbash cares who you vote for. All you do is just more ego flattery. Failed attempts do not matter. It needs one successful attempt to turn your day into shit, and for you to realise that your 95% or 99% meant nothing apart from a nice feeling it gave you and which you once had. You might as well block the whole world and allow only traffic from and to your own country, and get a smaller allowlist than your original denylist. Makes little difference apart from a better use of your firewall. It will not fix your problem nor the way you think nor who you vote for.
Your problem is to prevent a successful attack and not attempts. Your solution is that of a racist, someone who hears there are a lot of black people in prison so you put a sign in the window that says "no blacks". Geoblocking is racism.
In the end is your blocklist only the result of a successful denial of service attack, because denial of service attacks do not just spam with you with packets. They want you to shut down your servers, or some of them, or a part of your service, or to change your service, to make it tedious for your users, take away your users in some way. That you then block half the world makes it a success for the attacker. It becomes a con, a trick of confidence, where you got made to think that by permanently denying your service to half the world would be a gain for you, while really it is a win for the attackers. An attacker can be sitting anywhere in the world, i.e. Europe, and be using a botnet in Russia or China, or spoof their addresses. Yet you block many innocent users from accessing your service. But maybe that is a good thing and your service is a shit show anyways.
Leave a comment:
-
Originally posted by aht0 View PostBlanket-blocked in firewall China, Russia, Ukraine, Belarus, South America, bunch of Africa and 95% of malicious incoming attempts went away. It's pretty easy to check the difference when rules are enabled and when they are disabled.
Your problem is to prevent a successful attack and not attempts. Your solution is that of a racist, someone who hears there are a lot of black people in prison so you put a sign in the window that says "no blacks". Geoblocking is racism.
In the end is your blocklist only the result of a successful denial of service attack, because denial of service attacks do not just spam with you with packets. They want you to shut down your servers, or some of them, or a part of your service, or to change your service, to make it tedious for your users, take away your users in some way. That you then block half the world makes it a success for the attacker. It becomes a con, a trick of confidence, where you got made to think that by permanently denying your service to half the world would be a gain for you, while really it is a win for the attackers. An attacker can be sitting anywhere in the world, i.e. Europe, and be using a botnet in Russia or China, or spoof their addresses. Yet you block many innocent users from accessing your service. But maybe that is a good thing and your service is a shit show anyways.Last edited by sdack; 23 August 2021, 03:05 AM.
Leave a comment:
-
Third vote of support for bashbash
Not using iptables like he does but pf, rest is similar. Blanket-blocked in firewall China, Russia, Ukraine, Belarus, South America, bunch of Africa and 95% of malicious incoming attempts went away. It's pretty easy to check the difference when rules are enabled and when they are disabled.
Bad guys in West may not want to be caught and take up the trouble of spoofing but in East governments don't give a shit as long as they keep their actions oriented towards West, thus they've got no real reason to waste effort on spoofing.
Leave a comment:
-
Originally posted by cueball View Postso your entire paragraph around blocking all incoming traffic is probably pretty far off the mark.
To think you could prevent attacks by using geography is as dumb as it gets and it is not more than racism. Even the average kid today already knows how to hide their address, while you still think using a flat list of a million addresses from Russia and China would do something. All it does is to slow your incoming traffic down, because every packet needs to get checked against each of these addresses. Give this a moment to think about, if you can... How much effort is it to scan the list? When you do it with a linear search then it saves you memory, but it is very slow. When you want it fast then you need to make trade-offs, use hashes and trees, which costs you memory.
So I am going to repeat it again. You both are idiots. All you actually do is to slow down or to stop valid traffic from getting to its destination, while malicious traffic has already outsmarted you. You have failed at solving your problem, and instead do you politicise and blame it on other countries. Trust me, I am helping you more than you currently can see.
Leave a comment:
Leave a comment: