Netfilter Releases Nftables 1.0

  • sdack
    replied
    Originally posted by silentcreek View Post
    It is racism if I block people because of their race. Not because of their mere location. If you think your argument through, you could also argue you're discriminating people if you have a whitelist on your server that only allows your own static IP address to access the server, because, well, you're blocking everybody that doesn't use your IP address ...
    No. It is racism and racism is not simply about race. Look it up and look up systemic racism, too. It is not simply my standpoint, but common knowledge. When you do not want to be a racist then start learning what it means and not be a stupid contrarian.

  • silentcreek
    replied
    Originally posted by sdack View Post
    Just like when black people get frisked is it not racism, because it is not them who get searched, but it is their cars and their clothing that get searched, right?!?
    Nope.

    Originally posted by sdack View Post
    Your ignorance is f'cking pathetic! Racists like you always come up with reasons and justifications for why they believe it is ok what they do.
    Calm down, man. You know almost nothing about me. Yet, you try to insult me? This doesn't help you prove your point in any way. To me this just shows that your posts are not worth reading anymore.

    Originally posted by sdack View Post
    It is racism not because you block packets, networks, computers or locations, but because you block the people behind it.
    No. It is racism if I block people because of their race. Not because of their mere location. If you think your argument through, you could also argue you're discriminating people if you have a whitelist on your server that only allows your own static IP address to access the server, because, well, you're blocking everybody that doesn't use your IP address and they are people, too.

    But it appears to me that you simply don't want to understand any standpoint but your own. And that's okay. I won't try to convince you. As far as you're concerned, I'm out of this discussion.

  • Jabberwocky
    replied
    Originally posted by sdack View Post
    Really? I did not expect this to be a question... Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously. Maybe you are thinking of racism in terms of racial differences, because of the word racism, but it means certainly more than this. Hope this helps, but if not then look it up or google it.
    It must be a cultural difference. This is very different from how the term is used in my area. I was thinking in terms of racial differences and was wondering how that works if you are not aware of the race of the person that is trying to connect xD. Thanks for explaining, I have a better understanding of what you mean.

    I live in South Africa and I get blocked by services once in a blue moon, but I think it's just bad routing tables from ISPs (locally and internationally). There's obviously also content based blocks from services like Youtube or Netflix but that's just licensing related. I've never needed any services that blindly block the entire Africa, it's probably a bad service anyway xD.

    IMO organisational/community maintained dynamic blocklists are much better than blindly blocking a specific region. Yet I can see how someone can get annoyed by lack of action from authority in countries like Russia and China. You're right it's not always people from that region that are malicious but it's because the governing bodies don't care about the malicious activities that creates a safe environment for the criminals. We have seen some funny tactics directly related to this behavior: https://www.schneier.com/blog/archiv...ansomware.html but I digress. Communication is important and we need to give our friends in Russia, China (and other areas that create safe areas for bad actors) access to our services. Forcing people to use a VPN to access a public service is very bad IMO.

  • sdack
    replied
    Originally posted by silentcreek View Post
    Come on, this is beyond silly.

    You're mixing up race/nationality/etc. with location. This is not necessarily the same. ...
    Just like when black people get frisked is it not racism, because it is not them who get searched, but it is their cars and their clothing that get searched, right?!? Black people just happen to be in the same location where their cars and clothing are ... Your ignorance is f'cking pathetic! Racists like you always come up with reasons and justifications for why they believe it is ok what they do.

    It is racism not because you block packets, networks, computers or locations, but because you block the people behind it. When you then understand how geoblocking has little impact on security, but you do it anyway, perhaps because you think less of them, then you are a dumb racist from head to toe.

  • silentcreek
    replied
    Originally posted by sdack View Post
    Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously.
    Come on, this is beyond silly.

    You're mixing up race/nationality/etc. with location. This is not necessarily the same. Take this scenario for example: If I ran a VPN server in Switzerland and knew that all my endpoints which legitimately connect to the server are also located in Switzerland (but don't know their IP because home users in Europe usually get dynamically assigned addresses) then blocking all traffic from outside of Switzerland isn't racism because I don't block them for not being Swiss, caucasian, christian or what not – but merely because of their apparent location. I'm not arguing that this improves security in any way (but it might help to reduce the log clutter and help you see the more interesting stuff). And I'm not arguing that geoblocking can't be circumvented or is always accurate (which is why I prefer not to use it). But arguing that someone is racist simply because they use geoblocking is just wrong (even though some people might use it with racist intentions).

  • sdack
    replied
    Originally posted by Jabberwocky View Post
    I can see how geoblocking is discriminating but how is it racism?
    Really? I did not expect this to be a question... Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously. Maybe you are thinking of racism in terms of racial differences, because of the word racism, but it means certainly more than this. Hope this helps, but if not then look it up or google it.

  • Jabberwocky
    replied
    Originally posted by sdack View Post

    You believe anybody cares who you vote for? Not even bashbash cares who you vote for. All you do is just more ego flattery. Failed attempts do not matter. It needs one successful attempt to turn your day into shit, and for you to realise that your 95% or 99% meant nothing apart from a nice feeling it gave you and which you once had. You might as well block the whole world and allow only traffic from and to your own country, and get a smaller allowlist than your original denylist. Makes little difference apart from a better use of your firewall. It will not fix your problem nor the way you think nor who you vote for.

    Your problem is to prevent a successful attack and not attempts. Your solution is that of a racist, someone who hears there are a lot of black people in prison so you put a sign in the window that says "no blacks". Geoblocking is racism.

    In the end is your blocklist only the result of a successful denial of service attack, because denial of service attacks do not just spam you with packets. They want you to shut down your servers, or some of them, or a part of your service, or to change your service, to make it tedious for your users, take away your users in some way. That you then block half the world makes it a success for the attacker. It becomes a con, a trick of confidence, where you got made to think that by permanently denying your service to half the world would be a gain for you, while really it is a win for the attackers. An attacker can be sitting anywhere in the world, i.e. Europe, and be using a botnet in Russia or China, or spoof their addresses. Yet you block many innocent users from accessing your service. But maybe that is a good thing and your service is a shit show anyways.
    I agree with you that the method that bash2bash uses isn't the best from a technical perspective. Blanket rules aren't very wise since you'd be blocking mostly legitimate connections. I can see how geoblocking is discriminating but how is it racism?

  • sdack
    replied

    Originally posted by aht0 View Post
    Blanket-blocked in firewall China, Russia, Ukraine, Belarus, South America, bunch of Africa and 95% of malicious incoming attempts went away. It's pretty easy to check the difference when rules are enabled and when they are disabled.
    You believe anybody cares who you vote for? Not even bashbash cares who you vote for. All you do is just more ego flattery. Failed attempts do not matter. It needs one successful attempt to turn your day into shit, and for you to realise that your 95% or 99% meant nothing apart from a nice feeling it gave you and which you once had. You might as well block the whole world and allow only traffic from and to your own country, and get a smaller allowlist than your original denylist. Makes little difference apart from a better use of your firewall. It will not fix your problem nor the way you think nor who you vote for.

    Your problem is to prevent a successful attack and not attempts. Your solution is that of a racist, someone who hears there are a lot of black people in prison so you put a sign in the window that says "no blacks". Geoblocking is racism.

    In the end is your blocklist only the result of a successful denial of service attack, because denial of service attacks do not just spam you with packets. They want you to shut down your servers, or some of them, or a part of your service, or to change your service, to make it tedious for your users, take away your users in some way. That you then block half the world makes it a success for the attacker. It becomes a con, a trick of confidence, where you got made to think that by permanently denying your service to half the world would be a gain for you, while really it is a win for the attackers. An attacker can be sitting anywhere in the world, i.e. Europe, and be using a botnet in Russia or China, or spoof their addresses. Yet you block many innocent users from accessing your service. But maybe that is a good thing and your service is a shit show anyways.
    Last edited by sdack; 23 August 2021, 03:05 AM.

  • aht0
    replied
    Third vote of support for bashbash

    Not using iptables like he does but pf, rest is similar. Blanket-blocked in firewall China, Russia, Ukraine, Belarus, South America, bunch of Africa and 95% of malicious incoming attempts went away. It's pretty easy to check the difference when rules are enabled and when they are disabled.

    Bad guys in West may not want to be caught and take up the trouble of spoofing but in East governments don't give a shit as long as they keep their actions oriented towards West, thus they've got no real reason to waste effort on spoofing.

  • sdack
    replied

    Originally posted by cueball View Post
    so your entire paragraph around blocking all incoming traffic is probably pretty far off the mark.
    Probably?! You are just another idiot. Get smart when you want respect. And allow me to help! The source IP address in TCP/IP packets is not set in stone. It is not frozen, nor untouchable. Most malicious traffic has their source address spoofed, meaning, it has a source address that is not the actual source address. The bad guys do not want to get caught and make their traffic hard to trace on purpose. So they spoof the source address, do the same with the rest of their packets, and make them look like a believable accident, like a lonely packet ending up at the wrong address where it knocks innocently at one of your ports.

    To think you could prevent attacks by using geography is as dumb as it gets and it is not more than racism. Even the average kid today already knows how to hide their address, while you still think using a flat list of a million addresses from Russia and China would do something. All it does is to slow your incoming traffic down, because every packet needs to get checked against each of these addresses. Give this a moment to think about, if you can... How much effort is it to scan the list? When you do it with a linear search then it saves you memory, but it is very slow. When you want it fast then you need to make trade-offs, use hashes and trees, which costs you memory.

    So I am going to repeat it again. You both are idiots. All you actually do is to slow down or to stop valid traffic from getting to its destination, while malicious traffic has already outsmarted you. You have failed at solving your problem, and instead do you politicise and blame it on other countries. Trust me, I am helping you more than you currently can see.

    Leave a comment:
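
The lookup-cost trade-off raised in the post above (linear scan of a flat address list versus a sorted structure that costs extra memory), shown as an added example that is not part of any forum post. The function names are hypothetical and the sample blocklist is constructed from private and documentation ranges; it also goes one step further than the post by merging nested and adjacent prefixes before the search.

```python
import ipaddress

def linear_match(addr, cidrs):
    """Flat list: test the address against every entry until one matches."""
    ip = ipaddress.ip_address(addr)
    for steps, net in enumerate(cidrs, 1):
        if ip in net:
            return True, steps
    return False, len(cidrs)

def build_intervals(cidrs):
    """Merge adjacent/nested CIDRs into sorted, disjoint (start, end) ranges."""
    merged = ipaddress.collapse_addresses(cidrs)
    return [(int(n.network_address), int(n.broadcast_address)) for n in merged]

def interval_match(addr, intervals):
    """Binary search over the sorted ranges; returns (blocked, comparisons)."""
    ip = int(ipaddress.ip_address(addr))
    lo, hi, steps = 0, len(intervals) - 1, 0
    while lo <= hi:
        mid = (lo + hi) // 2
        steps += 1
        start, end = intervals[mid]
        if ip < start:
            hi = mid - 1
        elif ip > end:
            lo = mid + 1
        else:
            return True, steps
    return False, steps

# Constructed sample data: every second /24 inside 10.0.0.0/12 (2048 entries),
# plus an adjacent pair and a nested pair that collapse to one range each.
SAMPLE = [ipaddress.ip_network(f"10.{a}.{b}.0/24")
          for a in range(16) for b in range(0, 256, 2)]
SAMPLE += [ipaddress.ip_network(c) for c in
           ("192.0.2.0/25", "192.0.2.128/25", "198.18.0.0/15", "198.18.5.0/24")]
INTERVALS = build_intervals(SAMPLE)

if __name__ == "__main__":
    # Each line: probe, (blocked, steps) for the flat list, then for the ranges.
    for probe in ("10.15.254.9", "192.0.2.200", "203.0.113.7"):
        print(probe, linear_match(probe, SAMPLE), interval_match(probe, INTERVALS))
```

Both functions return the same verdict; what differs is the second element of the tuple, the number of comparisons each lookup needed.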
