Netfilter Releases Nftables 1.0


  • #21
    Third vote of support for bashbash

    Not using iptables like he does but pf, rest is similar. Blanket-blocked in firewall China, Russia, Ukraine, Belarus, South America, bunch of Africa and 95% of malicious incoming attempts went away. It's pretty easy to check the difference when rules are enabled and when they are disabled.

    Bad guys in West may not want to be caught and take up the trouble of spoofing but in East governments don't give a shit as long as they keep their actions oriented towards West, thus they've got no real reason to waste effort on spoofing.



    • #22

      Originally posted by aht0 View Post
      Blanket-blocked in firewall China, Russia, Ukraine, Belarus, South America, bunch of Africa and 95% of malicious incoming attempts went away. It's pretty easy to check the difference when rules are enabled and when they are disabled.
      You believe anybody cares who you vote for? Not even bashbash cares who you vote for. All you do is just more ego flattery. Failed attempts do not matter. It needs one successful attempt to turn your day into shit, and for you to realise that your 95% or 99% meant nothing apart from a nice feeling it gave you and which you once had. You might as well block the whole world and allow only traffic from and to your own country, and get a smaller allowlist than your original denylist. Makes little difference apart from a better use of your firewall. It will not fix your problem nor the way you think nor who you vote for.

      Your problem is to prevent a successful attack and not attempts. Your solution is that of a racist, someone who hears there are a lot of black people in prison so you put a sign in the window that says "no blacks". Geoblocking is racism.

      In the end is your blocklist only the result of a successful denial of service attack, because denial of service attacks do not just spam you with packets. They want you to shut down your servers, or some of them, or a part of your service, or to change your service, to make it tedious for your users, take away your users in some way. That you then block half the world makes it a success for the attacker. It becomes a con, a trick of confidence, where you got made to think that by permanently denying your service to half the world would be a gain for you, while really it is a win for the attackers. An attacker can be sitting anywhere in the world, i.e. Europe, and be using a botnet in Russia or China, or spoof their addresses. Yet you block many innocent users from accessing your service. But maybe that is a good thing and your service is a shit show anyways.
      Last edited by sdack; 23 August 2021, 03:05 AM.



      • #23
        Originally posted by sdack View Post

        You believe anybody cares who you vote for? Not even bashbash cares who you vote for. All you do is just more ego flattery. Failed attempts do not matter. It needs one successful attempt to turn your day into shit, and for you to realise that your 95% or 99% meant nothing apart from a nice feeling it gave you and which you once had. You might as well block the whole world and allow only traffic from and to your own country, and get a smaller allowlist than your original denylist. Makes little difference apart from a better use of your firewall. It will not fix your problem nor the way you think nor who you vote for.

        Your problem is to prevent a successful attack and not attempts. Your solution is that of a racist, someone who hears there are a lot of black people in prison so you put a sign in the window that says "no blacks". Geoblocking is racism.

        In the end is your blocklist only the result of a successful denial of service attack, because denial of service attacks do not just spam you with packets. They want you to shut down your servers, or some of them, or a part of your service, or to change your service, to make it tedious for your users, take away your users in some way. That you then block half the world makes it a success for the attacker. It becomes a con, a trick of confidence, where you got made to think that by permanently denying your service to half the world would be a gain for you, while really it is a win for the attackers. An attacker can be sitting anywhere in the world, i.e. Europe, and be using a botnet in Russia or China, or spoof their addresses. Yet you block many innocent users from accessing your service. But maybe that is a good thing and your service is a shit show anyways.
        I agree with you that the method that bash2bash uses isn't the best from a technical perspective. Blanket rules aren't very wise since you'd be blocking mostly legitimate connections. I can see how geoblocking is discriminating but how is it racism?



        • #24
          Originally posted by Jabberwocky View Post
          I can see how geoblocking is discriminating but how is it racism?
          Really? I did not expect this to be a question... Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously. Maybe you are thinking of racism in terms of racial differences, because of the word racism, but it means certainly more than this. Hope this helps, but if not then look it up or google it.



          • #25
            Originally posted by sdack View Post
            Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously.
            Come on, this is beyond silly.

            You're mixing up race/nationality/etc. with location. This is not necessarily the same. Take this scenario for example: If I ran a VPN server in Switzerland and knew that all my endpoints which legitimately connect to the server are also located in Switzerland (but don't know their IP because home users in Europe usually get dynamically assigned addresses) then blocking all traffic from outside of Switzerland isn't racism because I don't block them for not being Swiss, Caucasian, Christian or what not – but merely because of their apparent location. I'm not arguing that this improves security in any way (but it might help to reduce the log clutter and help you see the more interesting stuff). And I'm not arguing that geoblocking can't be circumvented or is always accurate (which is why I prefer not to use it). But arguing that someone is racist simply because they use geoblocking is just wrong (even though some people might use it with racist intentions).



            • #26
              Originally posted by silentcreek View Post
              Come on, this is beyond silly.

              You're mixing up race/nationality/etc. with location. This is not necessarily the same. ...
              Just like when black people get frisked is it not racism, because it is not them who get searched, but it is their cars and their clothing that get searched, right?!? Black people just happen to be in the same location where their cars and clothing are ... Your ignorance is f'cking pathetic! Racists like you always come up with reasons and justifications for why they believe it is ok what they do.

              It is racism not because you block packets, networks, computers or locations, but because you block the people behind it. When you then understand how geoblocking has little impact on security, but you do it anyway, perhaps because you think less of them, then you are a dumb racist from head to toe.



              • #27
                Originally posted by sdack View Post
                Really? I did not expect this to be question... Racism includes race, ethnicity, nationality, and religion. When you block all traffic from China, Russia or South America then you are discriminating people based on their race, nationality and ethnicity obviously. Maybe you are thinking of racism in terms of racial differences, because of the word racism, but it means certainly more than this. Hope this helps, but if not then look it up or google it.
                It must be a cultural difference. This is very different from how the term is used in my area. I was thinking in terms of racial differences and was wondering how that works if you are not aware of the race of the person that is trying to connect xD. Thanks for explaining, I have a better understanding of what you mean.

                I live in South Africa and I get blocked by services once in a blue moon, but I think it's just bad routing tables from ISPs (locally and internationally). There's obviously also content based blocks from services like Youtube or Netflix but that's just licensing related. I've never needed any services that blindly block the entire Africa, it's probably a bad service anyway xD.

                IMO organisational/community maintained dynamic blocklists are much better than blindly blocking a specific region. Yet I can see how someone can get annoyed by lack of action from authority in countries like Russia and China. You're right it's not always people from that region that are malicious but it's because the governing bodies don't care about the malicious activities that creates a safe environment for the criminals. We have seen some funny tactics directly related to this behavior: https://www.schneier.com/blog/archiv...ansomware.html but I digress. Communication is important and we need to give our friends in Russia, China (and other areas that create safe areas for bad actors) access to our services. Forcing people to use a VPN to access a public service is very bad IMO.



                • #28
                  Originally posted by sdack View Post
                  Just like when black people get frisked is it not racism, because it is not them who get searched, but it is their cars and their clothing that get searched, right?!?
                  Nope.

                  Originally posted by sdack View Post
                  Your ignorance is f'cking pathetic! Racists like you always come up with reasons and justifications for why they believe it is ok what they do.
                  Calm down, man. You know almost nothing about me. Yet, you try to insult me? This doesn't help you prove your point in any way. To me this just shows that your posts are not worth reading anymore.

                  Originally posted by sdack View Post
                  It is racism not because you block packets, networks, computers or locations, but because you block the people behind it.
                  No. It is racism if I block people because of their race. Not because of their mere location. If you think your argument through, you could also argue you're discriminating people if you have a whitelist on your server that only allows your own static IP address to access the server, because, well, you're blocking everybody that doesn't use your IP address and they are people, too.

                  But it appears to me that you simply don't want to understand any standpoint but your own. And that's okay. I won't try to convince you. As far as you're concerned, I'm out of this discussion.



                  • #29
                    Originally posted by silentcreek View Post
                    It is racism if I block people because of their race. Not because of their mere location. If you think your argument through, you could also argue you're discriminating people if you have a whitelist on your server that only allows your own static IP address to access the server, because, well, you're blocking everybody that doesn't use your IP address ...
                    No. It is racism and racism is not simply about race. Look it up and look up systemic racism, too. It is not simply my standpoint, but common knowledge. When you do not want to be a racist then start learning what it means and not be a stupid contrarian.



                    • #30

                      Originally posted by Jabberwocky View Post
                      You're right it's not always people from that region that are malicious but it's because the governing bodies don't care about the malicious activities.
                      This is also not quite true. When hackers build up a bot network by hacking into CCTV cameras in Russia, China and other countries then the problem is that the people in these countries are being exploited. They are the intermediate victims of an attack. These hacked cameras can then be used to spam DDoS attacks against a single target in the US for example. So while the hackers do not care for borders and can be living anywhere in the world, do the governments first need to seek international cooperation. To then find out who hacked into the cameras, turned them into bots, and from where this was done, can be impossible and not be worth the effort. Even when a cooperation takes place and the problem gets fixed will attackers have moved on and are creating more sophisticated attacks to evade detection. The final victim then sees a flood of packets coming from Russia or China. It has however little to do with these countries or their governments. They do not want these attacks either.

                      I have seen border-crossing attacks with botnets already 20 years ago. So this is not new to me. But I am surprised how people still today think it is cool to block entire countries and do not see it as racism, because they seem to think Russians are mostly white, it has got many of them, they live far away, they drink a lot of vodka, so it is probably ok, because "it is only racism when people are black" ...
