Some speed thing maybe? Those are right on the edge of the octet, /16's are network.network.host.hos

Some speed thing maybe? Those are right on the edge of the octet, /16's are network.network.host.host, /24's are network.network.network.host

ChaikaOP•10/15/23, 9:54 PM

IP Address Rules are really old though, I would follow its suggestion, you could use a custom rule it or use IP lists

CChaika Some speed thing maybe? Those are right on the edge of the octet, /16's are netw...

captain•10/15/23, 9:55 PM

that's gonna be a bit of time..but you are right

captain•10/15/23, 9:56 PM

54.195.114.186

captain•10/15/23, 9:56 PM

which traces back to amazon ireland i guess

captain•10/15/23, 9:56 PM

AS16509 AMAZON-02

Original message was deleted

captain•10/15/23, 9:57 PM

AS16509 AMAZON-02 is this a real amazon asn and do you know of a list for all amazon asn's?

Original message was deleted

captain•10/15/23, 9:59 PM

got it thanks

ChaikaOP•10/15/23, 10:00 PM

they've got an AS List (as-amazon) you can jump into and find all of their ASNs: https://bgp.tools/as-set/ARIN::AS16509:AS-AMAZON
Not sure all are used for customer stuff though

AS-SET AS16509:AS-AMAZON - bgp.tools

CChaika they've got an AS List (as-amazon) you can jump into and find all of their ASNs:...

captain•10/15/23, 10:02 PM

nice. would block AS16509 would block everything listed in https://bgp.tools/as-set/ARIN::AS16509:AS-AMAZON

AS-SET AS16509:AS-AMAZON - bgp.tools

ChaikaOP•10/15/23, 10:02 PM

nah that's just one of their ASNs, each one in that list is a separate ASN

CChaika nah that's just one of their ASNs, each one in that list is a separate ASN

captain•10/15/23, 10:03 PM

got it

ChaikaOP•10/15/23, 10:07 PM

There are trade offs with everything, the more you block, the more innocent people you will block that come from Amazon/etc ASNs due to company VPNs and such

ChaikaOP•10/15/23, 10:11 PM

imo the way Google and other big websites deal with attacks and such (at least against static assets/non-abusable things like loading home pages) is the best, just absorbing them with capacity rather then trying to play a game of whack a mole. Cloudflare makes this possible pretty easily with caching, rate limiting rules and such, and then for bigger abusers you can serve challenges based on IP Rep and stricter rate limits on specific endpoints, accepting the fact that some bots/etc will always get through, make it a bit harder, but not hard enough to potentially give any real users too much of a hassle

CChaika imo the way Google and other big websites deal with attacks and such (at least a...

captain•10/15/23, 10:18 PM

i get that, but my opinion to add to that is that if Amazon has a bunch of fraudulent actors on their system, they could be doing alot more to remove them and report them to the FBI

captain•10/15/23, 10:18 PM

i have all the IP's that lead to a payment source and to a login of a user that they have access to

captain•10/15/23, 10:19 PM

they could then monitor the traffic, find other bots doing the same traffic and take it down

Original message was deleted

captain•10/15/23, 10:20 PM

don't they have to have a funding source?

Original message was deleted

captain•10/15/23, 10:21 PM

that might true...but that is still fraud that they could stop, the onus isn't on me or cloudflare, its on the company running the server

captain•10/15/23, 10:21 PM

its amazon's customer, and amazon's job to stop fraud

captain•10/15/23, 10:21 PM

if amazon is making MONEY on fraud...than they are culpable

Original message was deleted

captain•10/15/23, 10:22 PM

if I report 1 ip, they could investigate all the ips in that user's account

captain•10/15/23, 10:22 PM

and quickly see a pattern

captain•10/15/23, 10:23 PM

the same playbook is coming from 100s maybe 1000s of their ips

captain•10/15/23, 10:23 PM

as i watch my logs

Original message was deleted

captain•10/15/23, 10:23 PM

Wiretap is something done to a public utility...not in a server

captain•10/15/23, 10:24 PM

once that info leaves the datacenter if being monitored..then its a wiretap

captain•10/15/23, 10:24 PM

but from within their datacenter on their servers and their product

captain•10/15/23, 10:24 PM

yeah they can do that

Original message was deleted

captain•10/15/23, 10:25 PM

https is encrypting the content

captain•10/15/23, 10:25 PM

but they can see a post or a get url attempting to leave their facility

captain•10/15/23, 10:26 PM

not the body of the content

Original message was deleted

captain•10/15/23, 10:28 PM

how come isp's are?

captain•10/15/23, 10:28 PM

they can't see my internet traffic?

captain•10/15/23, 10:29 PM

they don't know what url i requested to see?

captain•10/15/23, 10:29 PM

then what's the point of 1.1.1.1

captain•10/15/23, 10:30 PM

or a vpn

captain•10/15/23, 10:31 PM

i thought there was a big fight over ISP's being able to check and monitor the website requests

captain•10/15/23, 10:32 PM

one other question...

captain•10/15/23, 10:32 PM

seeing ip's coming from Verizon business

captain•10/15/23, 10:32 PM

whats your guys stance on blocking those guys, without blocking business internet

captain•10/15/23, 10:32 PM

or is that in your list of ASN;s

captain•10/15/23, 10:34 PM

AS54538 palo alto networks getting in the game alot too

captain•10/15/23, 10:39 PM

https://www.ip-tracker.org/lookup.php?ip=45.61.166.53 leads to https://ipinfo.io/AS14956 which leads to https://host.io/routerhosting.com which leads to a bunch of domains with cloudflare as the nameserver...argg

45.61.166.53 IP Location: Las Vegas, United States US

IP 45.61.166.53, Hostname (Not set. Same as IP Address): 45.61.166.53, US IP Location: city Las Vegas, state Nevada, country United States

AS14956 RouterHosting LLC details - IPInfo.io

AS14956 autonomous system information: WHOIS details, hosted domains, peers, upstreams, downstreams, and more

routerhosting.com - host.io

routerhosting.com (hosted on cloudflare.com) details, including IP, backlinks, redirect information, and reverse IP shared hosting data

captain•10/15/23, 10:39 PM

arggg

captain•10/15/23, 10:40 PM

anyways...thanks for chatting...my gf doesn't give a crap about any of this, nice to know there are people that do lol

captain•10/15/23, 10:45 PM

Palo Alto is using google cloud and has their own ASN

captain•10/15/23, 10:45 PM

tricky

Original message was deleted

captain•10/15/23, 10:47 PM

its strange...they mix it up

captain•10/15/23, 10:50 PM

ie: one request:

dev_nginx.access.log.1:198.235.24.174 - - [14/Oct/2023:16:15:41 +0000] "GET / HTTP/1.1" 200 46892 "http://mydomain.com/" "-" "198.235.24.174" 329 1.867 "382712" "1.867" "santamonicasoul.com"

Then in another request:
nginx.access.log.1:198.235.24.174 - - [14/Oct/2023:06:13:10 +0000] "GET / HTTP/1.1" 301 0 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

captain•10/15/23, 10:50 PM

i don't know anyways I'm gonna take a break from this, thanks to all that responded

Some speed thing maybe? Those are right on the edge of the octet, /16's are network.network.host.hos

Similar Threads

Similar Threads

Similar Threads