Comment by grayhatter

1 year ago

> Bad business, guys. You gotta find another way. Blocking IP addresses is o-ver.

No, it's still the front line. And likely always will be. It's the only client identifier bots can't lie about (or nearly the only).

At $OLDJOB, ASN reputation was the single best predictor of traffic hostility. We were usually smart enough to know which we can, or can't, block outright. But it's an insane take to say network-based blocking is over... especially on a thread about some vendor blocking benign users because of the user-agent.

I don't use iCloud Relay but it seems Apple's ASN would be 'reputable'.

  • Pretty sure the box with the "shield" icon on it, the ASN the web site would see, is, not coincidentally, Cloudflare?

    https://support.apple.com/en-us/102602

    "As mentioned above, Cloudflare functions as a second relay in the iCloud Private Relay system. We’re well suited to the task — Cloudflare operates one of the largest, fastest networks in the world. Our infrastructure makes sure traffic reaches every network in the world quickly and reliably, no matter where in the world a user is connecting from."

    https://blog.cloudflare.com/icloud-private-relay/

  • It would appear to be, but only until the bad guys looking to come from reputable ASNs find out about this.

    • Oh they have. It's been a big problem for my company. I assume Apple must work on this from their end, but any success would seem to undermine the privacy guarantee of the service.

      "Bad guys" using Private Relay is one reason these IPs get blocked: one abuser can cause an entire block of people to get flagged as a single malicious user; and a big enough group of users can also look like a single malicious user to many blocklisting strategies, because they all share the same IP.

  • Only because without consumers using their IPs, they're a well established company with predictable uses. Once people use it for everything, then the reputation will drop.

Blocking based on ASN has never and should never be the frontline. It's the illusion of increased security with little actual impact. The bad guys are everywhere and if blocking an ASN has an improvement on your actual breaches then your security is total crap and always will be until you start doing the right things.