lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 10 Jun 2011 02:33:52 +0200 (CEST)
From: "TOR" <fulldisc@....hu>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Subject: Re  NiX API

> Im not saying our system is 100% and unbreachable but I do know
> it does give you reasonable protection to address this issue.

Again, of course it provides some protection, I'm just not sure about the 'reasonable' part.
The big issue is with the false positives.

> hosting provider or not. Needless to say, this is very hard work.


One of my points was that many legit users end up using a datacenter's hosting IP.


> web proxies by whole world are hosted of course in hosting providers datacenters


Blocking web proxies would be OK, but you're blocking the whole provider because of it, refusing payments from the maybe hundreds or thousands of IP's that were never proxies and my be used by regular customers.


> thousands of hacked dedicated servers as well to this list that are being
> used for scraping, hacking attempts, brute forcing and so on.


Blocking servers that have done portscanning in the last week/month would be reasonable too, I guess.
But from what I've seen (again, look at your stats) you put the whole /24 on block (as part of your 'very hard work') and probably leave it there for months.


> We leave this decision to you what to block or allow.


After a while it just seems like with that much effort of always adding/removing hosts one could just use his own blocking lists.


> Im happy to hear you're using similar technology. You've just said
> yourself why you do want to block proxy users.


Block them from coming back with a proxy to sign up for free, YES. Blocking paying users, NO. There is a big difference.


> This is true indeed. But if you would have 50 fraudulent purchases in a
> short period. What would you do? You sell TV's. Someone will order a $2500
> nice new TV from your online shop. OK, you go and check this client IP
> it's a proxy or Tor exit node.


If it's a TOR exit node, probably not. If it's some IP that belongs to a data center, probably yes. To make a decision, I would more rely on inconsistency between credit card country, geoip, and where the item will be shipped to. Blocking just based on the IP is a bad idea, and this has been my point all along.


> Im happy to hear it works out to you. A few days ago, i received an email
> from https://www.proxpn.com/ admin that he suspended fraudulent user VPN
> account due to the abuse. A fraudster used a stolen credit card using
> their VPN to purchase a service from us. Needless to say, their CIDR's has
> been also added to this list.


Cool story, bro.

We probably agree for the most part, proxy IP's are suspicious I'm just saying I don't necessarily agree with your definition of what a proxy is and the idea of blocking customers blindly based on your list.
Anyway, the whole thread seems kind of offtopic to FD so no more replies from me. The only reason I replied in the frist place was to share my two cents related to the subject based on my experience with blocking proxies, Paypal chargebacks and to speak out for the legit customers who are 'suspicious' in your list but still pay for TorVPN.

Regards,
http://torvpn.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ