Comment by mrweasel
14 hours ago
While it would allow us to be more specific with the IPs, it would entail blocking 500.000 IPs, or more. That quickly becomes unmanageable as well.
What I'd love to see is a service where websites could report abuse to ISPs, who would then take the misbehaving customers offline until their system or behavior is fixed. Right now there's zero incentive to take customers offline, neither for ISPs nor for cloud providers.
> it would entail blocking 500.000 IPs, or more. That quickly becomes unmanageable as well.
Companies don't seem to have a tough time managing the blocks for all the various ranges of all the VPS providers to prevent you from using VPNs to access their services. Somehow, I don't think blocking 500,000 IPs is a technical problem.
I also suspect that once you start getting effective IP blocking, that 500,000 number will drop quite rapidly as it simply won't be so profitable to commandeer a device.
> What I'd love to see is a service where websites could report abuse to ISPs, who would then take the misbehaving customers offline, until their system or behavior is fixed.
IPv4 CGNAT is part of that problem, too. Because of CGNAT, the offending IPs get "tumbled" and are more difficult to identify from outside the ISP. Consequently, it makes it difficult to punish the ISPs. Without IPv4 CGNAT, those IPs are more stable over time and can be identified outside the ISP boundary. If ISPs start losing customers because everybody in the universe has blocked various ranges, the ISPs will start blocking devices at origin.