Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Requests
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Seeking provider that is understanding towards service fingerprinting and scanning of the internet.

1235»

Comments

  • TimboJonesTimboJones Member

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    What would need to be moderated is the question?

    To not set 80% score for an IP that was only found doing ICMP echo-request (that didn't even trigger a single abuse complaint), see https://lowendtalk.com/discussion/comment/4489508/#Comment_4489508

    Please don't confuse ICMP requests with fingerprinting. That's the difference from someone shouting "anyone home?" from the street and someone going around recording your door and window status. That ain't your fucking business unless invited.

    Unfortunately, this doesn't work like so. You can't even know if sent ICMP echo-request had spoofed source IP address or not, same goes for any report based upon single packet without any challenge (like TCP handshake for example).

    We might be talking about different things. How does a spoofed source packet receive useful response (the fingerprint)?

    It doesn't. What I meant is that it is bad idea to ban/report IP address that could be spoofed.

    What use case are you referring to?

    Not a use case, someone could just specifically craft same packet to accuse someone of doing malicious activity while they don't actually do it.

    It's kind of on the side receiving the abuse report to validate and take action.

    While I agree with this, I still stand still that you must not act upon unreliable evidence (one that easily forged).

    It's to incentivise network operators to implement proper security like BCP38.

  • tentortentor Member, Host Rep
    edited August 2025

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    What would need to be moderated is the question?

    To not set 80% score for an IP that was only found doing ICMP echo-request (that didn't even trigger a single abuse complaint), see https://lowendtalk.com/discussion/comment/4489508/#Comment_4489508

    Please don't confuse ICMP requests with fingerprinting. That's the difference from someone shouting "anyone home?" from the street and someone going around recording your door and window status. That ain't your fucking business unless invited.

    Unfortunately, this doesn't work like so. You can't even know if sent ICMP echo-request had spoofed source IP address or not, same goes for any report based upon single packet without any challenge (like TCP handshake for example).

    We might be talking about different things. How does a spoofed source packet receive useful response (the fingerprint)?

    It doesn't. What I meant is that it is bad idea to ban/report IP address that could be spoofed.

    What use case are you referring to?

    Not a use case, someone could just specifically craft same packet to accuse someone of doing malicious activity while they don't actually do it.

    It's kind of on the side receiving the abuse report to validate and take action.

    While I agree with this, I still stand still that you must not act upon unreliable evidence (one that easily forged).

    It's to incentivise network operators to implement proper security like BCP38.

    More like to annoy ones who implemented and deceive clueless

  • fluffernutterfluffernutter Member

    @avsisp said:
    Every state is different on this - and I'm no lawyer so not gonna try to quote all. I've only lived in 10 of them before leaving the USA.

    offtopic, but why would you leave the US for Albania? genuinely curious.

    Thanked by 2oloke iceman
  • TimboJonesTimboJones Member

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    What would need to be moderated is the question?

    To not set 80% score for an IP that was only found doing ICMP echo-request (that didn't even trigger a single abuse complaint), see https://lowendtalk.com/discussion/comment/4489508/#Comment_4489508

    Please don't confuse ICMP requests with fingerprinting. That's the difference from someone shouting "anyone home?" from the street and someone going around recording your door and window status. That ain't your fucking business unless invited.

    Unfortunately, this doesn't work like so. You can't even know if sent ICMP echo-request had spoofed source IP address or not, same goes for any report based upon single packet without any challenge (like TCP handshake for example).

    We might be talking about different things. How does a spoofed source packet receive useful response (the fingerprint)?

    It doesn't. What I meant is that it is bad idea to ban/report IP address that could be spoofed.

    What use case are you referring to?

    Not a use case, someone could just specifically craft same packet to accuse someone of doing malicious activity while they don't actually do it.

    It's kind of on the side receiving the abuse report to validate and take action.

    While I agree with this, I still stand still that you must not act upon unreliable evidence (one that easily forged).

    It's to incentivise network operators to implement proper security like BCP38.

    More like to annoy ones who implemented and deceive clueless

    What? Having the filtering in place allows you to confirm spoofing or not. "Hey, don't block us, it ain't coming from our network, we use egress filtering. Why don't you implement ingress filtering for your customers and reduce such issues."

  • tentortentor Member, Host Rep

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    @TimboJones said:

    @tentor said:

    What would need to be moderated is the question?

    To not set 80% score for an IP that was only found doing ICMP echo-request (that didn't even trigger a single abuse complaint), see https://lowendtalk.com/discussion/comment/4489508/#Comment_4489508

    Please don't confuse ICMP requests with fingerprinting. That's the difference from someone shouting "anyone home?" from the street and someone going around recording your door and window status. That ain't your fucking business unless invited.

    Unfortunately, this doesn't work like so. You can't even know if sent ICMP echo-request had spoofed source IP address or not, same goes for any report based upon single packet without any challenge (like TCP handshake for example).

    We might be talking about different things. How does a spoofed source packet receive useful response (the fingerprint)?

    It doesn't. What I meant is that it is bad idea to ban/report IP address that could be spoofed.

    What use case are you referring to?

    Not a use case, someone could just specifically craft same packet to accuse someone of doing malicious activity while they don't actually do it.

    It's kind of on the side receiving the abuse report to validate and take action.

    While I agree with this, I still stand still that you must not act upon unreliable evidence (one that easily forged).

    It's to incentivise network operators to implement proper security like BCP38.

    More like to annoy ones who implemented and deceive clueless

    What? Having the filtering in place allows you to confirm spoofing or not.

    It needs to be implemented at the side of spoofing network, not victim or abused reporter. Otherwise, no effect.

    "Hey, don't block us, it ain't coming from our network, we use egress filtering. Why don't you implement ingress filtering for your customers and reduce such issues."

    We tried to explain that to @avsisp above. As you can see, it doesn't work in practice. In the result, AbuseIPDB is still spammed with junk and source IP spoofing is still a thing.

  • icemaniceman Member
    edited August 2025

    @fluffernutter said:

    @avsisp said:
    Every state is different on this - and I'm no lawyer so not gonna try to quote all. I've only lived in 10 of them before leaving the USA.

    offtopic, but why would you leave the US for Albania? genuinely curious.

    They don't usually, except if they got caught with criminal activities as they usually do! An albanian with a company "registered" in Wyoming, USA, i mean what could go wrong :) If you aren't in the US anymore, why did you registered a company in Wyoming then, tax evasion?

Sign In or Register to comment.