iBurst External IP Ranges

S

swordfish1

Expert Member
Joined
Apr 10, 2005
Messages
3,304
Reaction score
6
Hi guys,

We have developed a blacklisting system on our web site to try reduce the enormous amount of fraud transactions we get every day. One of the pieces of information we use to detect potential fraud is the client's IP address. Unfortunately, there are some networks, like iBurst, where it appears that many unrelated (completely different location) people are sharing a single IP, meaning that using the IP address leads to the possibility of blocking legitimate customers, which happen to share the same network as some fraudster. Clearly not a good thing to block legitimate customers!

Now, my question is, does anyone know the range of IP addresses that iBurst uses? Also, are you aware of any other networks in South Africa, which share the same IP among unrelated customers, at any given point in time? If so, do you know their IP ranges? If you do not know the IP ranges, but you are using one of these networks, would you mind posting your external IP address, perhaps excluding the last number (if you are concerned about your privacy), e.g. post it as 196.1.2.*, so I can get an idea of the ranges.

You help is very much appreciated!

PS: Wish all fraudsters happy lightening season, hope you get struck by one!
 
Problem is transparent proxies that most ISP's use.
 
RVQ said:
Problem is transparent proxies that most ISP's use.
Click to expand...

We have a schedule to remove and improve the transparency but this was impacted by some situations beyond our control (but it is back on track again).

Unluckily we cannot publicly publish IP due to the fact that that this will be used for scanning and hacking.

Regards
 
swordfish1 said:
Hi guys,

We have developed a blacklisting system on our web site to try reduce the enormous amount of fraud transactions we get every day. One of the pieces of information we use to detect potential fraud is the client's IP address. Unfortunately, there are some networks, like iBurst, where it appears that many unrelated (completely different location) people are sharing a single IP, meaning that using the IP address leads to the possibility of blocking legitimate customers, which happen to share the same network as some fraudster. Clearly not a good thing to block legitimate customers!

Now, my question is, does anyone know the range of IP addresses that iBurst uses? Also, are you aware of any other networks in South Africa, which share the same IP among unrelated customers, at any given point in time? If so, do you know their IP ranges? If you do not know the IP ranges, but you are using one of these networks, would you mind posting your external IP address, perhaps excluding the last number (if you are concerned about your privacy), e.g. post it as 196.1.2.*, so I can get an idea of the ranges.

You help is very much appreciated!

PS: Wish all fraudsters happy lightening season, hope you get struck by one!
Click to expand...

The problem here Swordfish1 is that 99% of Consumer networks in South Africa have Dynamic IP Addresses. If you start blocking people based on an IP Address, that means that any legitimate customer may be blocked.

To give you an example. If I connect with my CellC modem I receive an IP Address, if I disconnect it and connect straight away again, my IP changes. Do you see how this will effect everyone?

You need to think of other solutions to this problem. It's a bit hard to give advice, with the amount of information you gave. Is this credit card fraud, scammers ordering and not paying? How are you affected? There are some clever people here that may give the advice you need.
 
I recently had a stalker from ibursts network, and there was not enough legal recourse for me to follow to solve the stalker situtation with iburst, so I banned the entire Iburst range from our servers. The ban looks something like this:

Code: 
Current IP addresses being blocked:

Server Setting	Beginning IP	 	Ending IP	
196.2.126.172	196.2.126.172	-	196.2.126.172	

196.2.96.0/19	196.2.96.0	-	196.2.127.255

If iburst had enabled me to see the IP of the stalker (instead of the proxy server he was connecting through), and did not have dynamic IPs, then I could have easily dealt with this by just banning the offenders IP, but because this is not how iburst have their network setup... Ive had to go the extreme route. I see this is exactly the same issue you are facing.


Hope that helps.
 
Last edited:
ghoti said:
If iburst had enabled me to see the IP of the stalker (instead of the proxy server he was connecting through), and did not have dynamic IPs, then I could have easily dealt with this by just banning the offenders IP, but because this is not how iburst have their network setup... Ive had to go the extreme route. I see this is exactly the same issue you are facing.


Hope that helps.
Click to expand...
Even if you blocked the offender's IP, he/she could easily switch off the connection for a few minutes and reconnect and obtain a new IP, since it's dynamic. Putting you back to step 1.
 
teraside said:
Even if you blocked the offender's IP, he/she could easily switch off the connection for a few minutes and reconnect and obtain a new IP, since it's dynamic. Putting you back to step 1.
Click to expand...

He would have to change ISP`s with my block. Which is fine by me, gives me more data to track him.
 
r00igev@@r said:
We have a schedule to remove and improve the transparency but this was impacted by some situations beyond our control (but it is back on track again).
Click to expand...

Hope this sorts out the FileServe problems.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X