Python Magazine

Chris Angelico rosuav at gmail.com
Sun May 26 01:17:11 EDT 2013


On Sun, May 26, 2013 at 3:00 PM, Carlos Nepomuceno
<carlosnepomuceno at outlook.com> wrote:
> ----------------------------------------
>> Date: Sun, 26 May 2013 14:31:57 +1000
>> Subject: Re: Python Magazine
>> From: rosuav at gmail.com
>> To: python-list at python.org
> [...]
>> I expect that IP blocks will be upgraded to /64 block blocks, if that
>> starts being a problem. But it often won't, and specific IP address
>> blocks will still be the norm.
>>
>> ChrisA
>
>
> Blocking a whole network (/65) is totally undesirable and may even become illegal.

Blocking a /64 is exactly the same as blocking a /32 with NAT behind
it. And how could it be illegal? I provide service to those I choose
to provide to.

> Currently it may not only happen at the target of the DDoS attack, but be spread all over the internet where block lists are enforced.
>
> I don't expect that to happen and if it happens I'm surely in favor of protection against this type of 'solution' because it will block not only malicious clients but potentially many other legitimate clients.

Banning a wide netblock is of course going to lock out legit clients.
But IP rotation means that can happen anyway. You block a single IPv4
address that right now represents an abusive user; that user
disconnects and reconnects, gets a new IP, and someone else gets the
other one. Can happen all too easily. That's why IP-banning is at best
a temporary solution anyway.

ChrisA
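
An added example, not part of the original post: a ban list that treats an IPv6 client as its /64 and an IPv4 client as a single /32, with every ban expiring after a TTL, matching the thread's point that IP bans are temporary. The `BanList` class, its parameters, and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress


class BanList:
    """Temporary ban list keyed by network: /32 for IPv4, /64 for IPv6."""

    def __init__(self, ttl_seconds=3600, v6_prefix=64):
        self.ttl = ttl_seconds
        self.v6_prefix = v6_prefix
        self._bans = {}  # network -> expiry time (seconds)

    def key_for(self, addr):
        """Map a client address to the network a ban on it would cover."""
        ip = ipaddress.ip_address(addr)
        # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is an IPv4 client.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        prefix = 32 if ip.version == 4 else self.v6_prefix
        # strict=False drops the host bits, leaving the enclosing network.
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def ban(self, addr, now):
        """Ban the network containing addr until now + ttl; return it."""
        net = self.key_for(addr)
        self._bans[net] = now + self.ttl
        return net

    def is_banned(self, addr, now):
        """True while an unexpired ban covers addr; expired bans are purged."""
        net = self.key_for(addr)
        expiry = self._bans.get(net)
        if expiry is None:
            return False
        if now >= expiry:
            del self._bans[net]
            return False
        return True


if __name__ == "__main__":
    bans = BanList(ttl_seconds=600)
    print(bans.ban("2001:db8:1:2::dead", now=0))          # whole /64 is banned
    print(bans.is_banned("2001:db8:1:2:abcd::1", now=10))  # same /64, new host
    print(bans.is_banned("2001:db8:1:3::1", now=10))       # neighbouring /64
    print(bans.is_banned("2001:db8:1:2::dead", now=600))   # ban has expired
```

Times are passed in explicitly so the expiry behaviour can be checked without waiting; in a service, `now` would come from `time.monotonic()`.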


