Netblock reassigned from Chile to US ISP...
mysidia at gmail.com
Sat Dec 13 02:22:01 CST 2008
>> On 08.12.13 09:33, Tomas L. Byrnes wrote:
>>> anyone with half a brain blocks proxies from their e-commerce site.
>> can you know at a reasonable confidence level that it's a proxy?
> Give me an IP address (privately, of course). I can tell you if it is, with
> consult from other colleagues in the security community.
> That's almost a no-brainer.
Oh, but can you tell if an IP address is a compromised workstation or
host of a VPN application that only allows the proxy access to the

Not all proxies are plainly visible.

Geography of an IP address can be a useful heuristic to assist
detection, when most transactions attempted from certain regions are
bad; esp. when combined with other factors

This is a strategy well-known to be probabilistic, and thus imperfect
(not every fraud attempt will be noticed by a detector, and there will
be false positives, but probably very few in relation to the total
transaction throughput of say a large online retailer).

E-mail spam filters use imperfect methods like this all the time;
there is no magic check to prove a message spam or not spam.
Instead, _many_ randomized spam checks are strung in sequence for
the same message.
And if any one or two checks fail, filters drop the message.

A successful message (or E-commerce transaction) is one that clears
substantially all spam/

An in-depth strategy with hundreds or thousands of factors examined
results in a smaller (but still present) possibility of the
filter/detector being fooled.

IP-based methods can be combined with the other stronger analysis of
transaction details and other info that can be gathered about a
submitter for detection of attempted abuse.
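
An added illustration, not part of the original post: one way to combine IP-based heuristics with transaction details into a single probabilistic decision, using naive-Bayes log-odds. The signal names, likelihood ratios, base rate and thresholds are all constructed assumptions, not measured values.

```python
import math

# Constructed likelihood ratios: P(signal | fraud) / P(signal | legitimate).
# Illustrative assumptions only; a real detector would estimate these
# from labelled transaction history.
SIGNAL_LR = {
    "geo_high_risk_region": 4.0,       # IP geolocates to a region with a high bad-order rate
    "known_open_proxy": 8.0,           # IP appears on a proxy list
    "billing_shipping_mismatch": 3.0,  # transaction detail, not IP-based
    "new_account": 2.0,
}
PRIOR_FRAUD = 0.01  # assumed base rate of fraudulent orders


def fraud_probability(signals, prior=PRIOR_FRAUD, lr_table=SIGNAL_LR):
    """Combine observed signals, treating them as independent.

    Starts from the prior log-odds and adds log(LR) for each signal
    that fired. Absent signals are treated as neutral (a simplification).
    """
    log_odds = math.log(prior / (1.0 - prior))
    for name in signals:
        log_odds += math.log(lr_table[name])  # KeyError on an unknown signal
    return 1.0 / (1.0 + math.exp(-log_odds))


def decide(signals, review_at=0.10, block_at=0.50):
    """Return (action, probability). No single weak signal blocks an order."""
    p = fraud_probability(signals)
    if p >= block_at:
        return "block", p
    if p >= review_at:
        return "review", p
    return "allow", p


if __name__ == "__main__":
    cases = [
        ["geo_high_risk_region"],
        ["geo_high_risk_region", "known_open_proxy"],
        ["geo_high_risk_region", "known_open_proxy",
         "billing_shipping_mismatch", "new_account"],
    ]
    for observed in cases:
        action, p = decide(observed)
        print(f"{action:6s} p={p:.3f}  {observed}")
```

Geography alone leaves the order allowed; it only tips the decision when other factors agree, and the output is still a probability, so false positives and misses remain possible.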