[–]SaidOverRed (6 children)

Forgive the ignorance, but won't they run out of VPN IPs? There's only so many free ones, and it would get expensive cycling paid-for ones, right?

[–]magnora7 (5 children)

For cheap VPNs, yeah. But they apparently have really good VPNs with literally trillions of free addresses they can change to at random. Either that or they're spoofing IPs, in which case they can have any IP.

[–]SaidOverRed (4 children)

Uh more questions: I thought IP spoofing isn't possible under HTTPS because both parties have to agree on the endpoints and thus saidit would send the request to the spoofed address during negotiation, which would obviously fail and thus it would ignore any commands given. Is HTTP available when posting rather than just lurking?

And trillions? Even a thousand IPs would be very expensive for a VPN provider under IPv4, right? Or is IPv6 not blocked?

[–]magnora7 (3 children)

They use IPv6 and IPv4 both, randomly. They might not be spoofing, but they clearly have access to literally trillions of addresses.

[–]SaidOverRed (1 child)

Not to be bothersome, but wouldn't it be a good thing to block all of IPv6? I'm unsure what downsides this would have, but it would certainly make IPv4 blocks feasible. Then the attackers' VPNs would shrink until you only had new services popping up to worry about. Granted it's a popular market, but I would hope the psychological benefit of knowing only 'new' problems need be addressed would be invaluable. I'll confess that I don't know if there are actually 10,000 VPN IPs available to dedicated paid shills. I suppose it depends on the money backing them.

I'm normally not for this type of behavior, but the big boys often have internal lists of VPN IPs that they block. Not sure if they share these blacklists, however.

[–]magnora7 (0 children)

Seems quite heavy-handed. We'd also block about 1/3 of our legitimate users probably.

Also they have very good IPv4 VPNs, so it wouldn't even help anyway.

Yes, they have literally trillions of IPs, and I'm not joking or exaggerating that number. We have been building a blacklist of IPs since this site started and it hasn't slowed them one bit.

[–][deleted] (0 children)

Sounds like what TOR does. Some nodes are v4, others are v6.