
Re: [LUG] OT: abusive IP address list processing or blocklist for web spam


On Thu, Jan 17, 2013 at 1:51 AM, Simon Waters wrote:
> The other problem I see trying to stop abuse of web pages is many of the
> mobile companies proxy HTTP traffic, in the same way many ISP aggregate
> outbound SMTP. So the block lists are polluted with IP addresses of
> large proxies (Orange India, Blackberry etc were examples I spotted).
>
> I think both are broken designs as they mix up (convolve) good and bad
> origins. e.g. I am left with accepting all O2 traffic, or rejecting all O2
> traffic, rather than being able to block troublesome IP addresses
> specifically.
>
> This is the analogous criticism made of the same approach to control
> SMTP spam, it moves the spam filtering to the sending ISP, and so if the
> ISP is not good at it, or ceases to be good at it, you end up preferring
> they hadn't bothered. Meantime proxies complicate delivery and generally
> make stuff harder for everyone for no gain.
>
> The pattern to use here if the ISP must intervene is probably the one
> used by Virgin (badly) for implementing censorship, which is you allow
> all clients to contact all servers directly and you introduce the proxy
> when you identify a problem (e.g. suspected spewing of SMTP, or
> suspicious levels of web activity, or servers allegedly hosting child
> porn for Virgin media).

I think there are good (performance) reasons to proxy HTTP traffic
from mobile devices, like there are good reasons to route SMTP traffic
from home users through the ISP's MTA. I'm not saying it's always a
good thing and I see your point about making filtering more difficult,
but neither with comment spam nor with email spam are you solely
dependent on the IP address to make a decision.

> On a similar note some of this traffic is from Tor. I did wonder if all
> of it is, but not sure how I would tell.

I was somewhat surprised that it exists, but there's a DNS-based list
that lets you tell whether an IP address is a Tor exit node:

https://www.torproject.org/projects/tordnsel.html.en

(Strictly speaking, it doesn't tell you whether the traffic is coming
from Tor. Someone may make a non-Tor request from the exit node.)

>> But then perhaps using a botnet for comment spam is a waste of
>> resources. It's probably not something that generates a huge income for
>> the crooks behind it.
>
> Whether the abuse I see is profitable is not my concern.

No. But it interests me. And sometimes understanding the business
model behind some rogue Internet activity can help fight it. (Though
rarely ever at the level of a single organisation.)

> Although given the resources they are prepared to dedicate to it I
> suspect it must be immensely profitable.

Perhaps. I wouldn't be surprised if there is a scheme where those
running the commenting network simply convince 'advertisers' that
there's money to be made. A lot of email spam isn't profitable for the
advertiser; it may still be profitable for the spammer.

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
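One way to do the TorDNSEL lookup mentioned above from a comment filter, as an added example that is not part of the original message or of the Tor project's code: it builds the reversed-octet query name and interprets the answer. The `dnsel.torproject.org` zone, the `127.0.0.2` "listed" answer and the IPv4-only scope are assumptions taken from the current TorDNSEL documentation, not from this thread; the stub resolver and the 203.0.113.x addresses are constructed so the code runs offline.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Assumed lookup convention: reverse the IPv4 octets, append the zone, and an
# A record of 127.0.0.2 means "listed as a Tor exit relay". No answer means
# "not listed". Check the TorDNSEL docs before relying on these constants.
TORDNSEL_ZONE = "dnsel.torproject.org"
LISTED_ANSWER = "127.0.0.2"

Resolver = Callable[[str], Optional[str]]

# Addresses that can never be a public exit relay; skipping them also avoids
# leaking internal client addresses to the list operator in DNS queries.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def tordnsel_query_name(ip: str, zone: str = TORDNSEL_ZONE) -> str:
    """Build the DNSEL name for an IPv4 address: 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper builds IPv4 lookups only")
    return ".".join(reversed(ip.split("."))) + "." + zone


def system_resolver(name: str) -> Optional[str]:
    """Resolve via the OS stub resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_tor_exit(ip: str, resolve: Resolver = system_resolver) -> bool:
    """True if the zone lists ip as an exit relay. As the thread notes, this
    says the address *is* an exit, not that this request came through Tor."""
    return resolve(tordnsel_query_name(ip)) == LISTED_ANSWER


def classify(ip: str, resolve: Resolver = system_resolver) -> str:
    """Return 'skipped' (non-routable), 'tor-exit' or 'not-listed'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in _NON_ROUTABLE):
        return "skipped"
    return "tor-exit" if is_tor_exit(ip, resolve) else "not-listed"


# Constructed stand-in for the DNS zone: pretend only 203.0.113.7 is an exit.
def sample_resolver(name: str) -> Optional[str]:
    return LISTED_ANSWER if name == "7.113.0.203." + TORDNSEL_ZONE else None
```

For real traffic, call `classify(ip)` with the default resolver and log the result alongside the other signals the filter already uses, rather than blocking on it alone.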