by sam_lowry_ 2116 days ago
@dang, I collected 5000 exit points of what seem to be sources of Kremlinbot activity here: https://gist.github.com/mikhailian/5d65694fdaaf0ccbab4c6cf39... Watch out, these are IPv4- and IPv6-formatted lists of subnets as exported from ipset.

There are some specifics to my use case; take this with a grain of salt. Hope this helps sorting genuine Putin-lovers from Kremlin bots.

2 comments

I picked a random IPv4 address from this list and looked at it. It's a dynamic mobile IP address from Belgium, used by thousands of customers.

Come on people, apply some common sense and stop the hysteria.

I know, there are quite a few of those. Pick one of the subnets, they are more interesting.
But what is somebody supposed to do with this list, when it contains dynamic IP addresses used by many people? Ban everything on it, based on the assumption that some of them are actually endpoints of suspicious activity, thereby preventing many innocent people from using the Internet?

At my previous company I dealt with all the scraping bots for 15 years; in the end I even banned all of Tor and many of the commercial proxy network providers, with the justification that our site (CSE) didn't need anonymous posting because there was nothing sensitive and no private information on it. But I couldn't ban dynamic IP addresses for more than a few minutes since all the abusers originating from them happily obtained a new address within seconds and continued the scraping, rendering the IP address pool used by their provider completely banned from using our site.

I should have filtered IP addresses, leaving only ranges before posting. Mea culpa.

IP addresses are blocked in a different context but land on the same list.

Still, to answer your question, dynamic IP addresses can be sticky. Where I operate, some ISPs lease the same IP address for each IP lease renewal. The only way to get an IP address is to wait until the lease expires by e.g. switching off the router.

Thanks! I'll take a look. Feel free to ping me at hn@ycombinator.com if you like—it can take time to get to something like this but we're definitely willing.
It would be very helpful if there was a follow-up post to confirm whether in this specific case the insinuations were justified.
In which specific case?

Edit: I've now had a chance to examine this data. It turns out that the IP ranges in that list are so broad as to cover more than 50% of the posts on HN.
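
An added example, not part of the thread or anyone's actual tooling: before acting on an ipset-style export like the one discussed, measure how much of your own observed traffic it would cover and flag entries that are either very broad ranges or single (possibly dynamic) hosts. The sample list, client addresses and prefix thresholds are constructed assumptions.

```python
import ipaddress

# Constructed sample data using private and documentation ranges; not from the gist.
SAMPLE_LIST = """
10.0.0.0/8
192.0.2.0/24
192.0.2.128/25
203.0.113.7
2001:db8::/32
"""
SAMPLE_CLIENTS = ["10.1.2.3", "10.200.0.9", "192.0.2.200", "198.51.100.4",
                  "203.0.113.7", "203.0.113.8", "2001:db8::1", "2001:db9::1"]

def load_networks(text):
    """Parse one address or CIDR per line and merge overlapping entries."""
    nets = [ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    return merged

def coverage(nets, clients):
    """Fraction of observed client addresses that the list would block."""
    addrs = [ipaddress.ip_address(c) for c in clients]
    hits = sum(any(a.version == n.version and a in n for n in nets)
               for a in addrs)
    return hits / len(addrs)

def audit(nets, v4_broad=16, v6_broad=32):
    """Return (overly broad ranges, single-host entries); thresholds are assumptions."""
    broad = [n for n in nets
             if n.prefixlen <= (v4_broad if n.version == 4 else v6_broad)]
    hosts = [n for n in nets if n.prefixlen == n.max_prefixlen]
    return broad, hosts

if __name__ == "__main__":
    nets = load_networks(SAMPLE_LIST)
    broad, hosts = audit(nets)
    print(f"{len(nets)} merged entries, "
          f"{coverage(nets, SAMPLE_CLIENTS):.0%} of sample clients covered")
    print("review before blocking (broad):", [str(n) for n in broad])
    print("single hosts, may be dynamic:", [str(n) for n in hosts])
```

A high coverage figure against ordinary traffic indicates the list is too coarse to separate suspicious sources from regular users.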