Hacker News new | ask | show | jobs
by edw 2180 days ago
How about hashing IPs? You could still see if someone were on your abuse list if abusers.contains(hashfn(req.addr)).
2 comments
KenoFischer 2180 days ago
Doesn't help for two reasons 1) If the has has enough bits to be useful for blocking, it's trivial to reverse 2) Even if it did make the IPs anonymous, we want to be able to email the NOC at whoever is sending the abusive traffic, so they can go investigate
link
j88439h84 2180 days ago
> we want to be able to email the NOC at whoever is sending the abusive traffic, so they can go investigate

If you block their traffic with HTTP 429 Too Many Requests, they can email you instead.

link
KenoFischer 2180 days ago
We prefer not to break researchers' workflow because the group next door misconfigured their server. Happens all the time. We only sinkhole IPs if the traffic is malicious or on track to exceed or budget.
link
codedokode 2180 days ago
Hash of IPv4 address can be easily reverted because there is a limited number of addresses.
link