Remix.run Logo
rkagerer 2 hours ago

Some kind of source IP masking would be prudent. As you pointed out, some of those machines are compromised, and you aren't making their owners' lives any easier.

Bad actors might use the data you're publishing to fingerprint specific exploits to which the machines are vulnerable, multiplying the problem.

If producing an IP blacklist is one of your aims, divorcing it from any specific traffic would be more responsible.

You may also want to consider the risk traffic from compromised machines could leak PII (eg. say a script tried to use you as a relay to exfiltrate data) - and the ethical and legal consequences. A filter for SIN, credit cards, etc. would be a basic table-stakes mitigation step.

ryandrake an hour ago | parent [-]

> Some kind of source IP masking would be prudent. As you pointed out, some of those machines are compromised, and you aren't making their owners' lives any easier.

Hard for me to find much sympathy for negligent users who unintentionally allowed their home computers or phones to join a malicious botnet, or their ISPs who aren't stopping the activity. Even if it is my own grandma's PC.

I agree about the content though, there probably are a lot of actually innocent victims' personal information in the traffic itself.

dpoloncsak 12 minutes ago | parent | next [-]

I disagree personally. If these IPs are being used to attempt to gain unauthorized access, it's better to make the public aware, imo.

taftster an hour ago | parent | prev [-]

Easy for you to say, assuming your PC is clean. I don't think negligent is the right word though. Ignorant maybe? Or some form of naivety? The negligence might be on software or hardware vendors, but grandma isn't to blame for the problem.