Re: Proposal to apply mask to IP address set on rule

To: Robert Swindells <rjs%fdy2.co.uk@localhost>
Subject: Re: Proposal to apply mask to IP address set on rule
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sat, 24 May 2025 15:06:55 -0400

Robert Swindells <rjs%fdy2.co.uk@localhost> writes:

> Greg Troxel <gdt%lexort.com@localhost> wrote:
>> When you are trying to block a neighborhod around an offender, you are
>> just guessing at the subnet size that is likely under the same
>> administrative control.
>
> Isn't the whois record for the address expected to have the correct
> subnet size?
>
> That is what I have always used when adding an entry to a npf blocklist.

Maybe, but it seems there are hosting companies and then somebody gets a
/24.  I have become less concerned about collateral damage over time.
If you've found that there are whois records for small subnets delegated
to customers of a hosting company, that's interesting.

(How one comes up with the mask is orthogonal to the ok/warning/error
discussion.)

Follow-Ups:
- Re: Proposal to apply mask to IP address set on rule
  - From: Mouse

References:
- Re: Proposal to apply mask to IP address set on rule
  - From: Robert Swindells

Prev by Date: Re: Proposal to apply mask to IP address set on rule
Next by Date: Re: Proposal to apply mask to IP address set on rule
Previous by Thread: Re: Proposal to apply mask to IP address set on rule
Next by Thread: Re: Proposal to apply mask to IP address set on rule
Indexes:

Home | Main Index | Thread Index | Old Index