
What would spoofing the IP of a packet when the underlying protocol requires a two-way handshake accomplish?



With CGNAT, a prepaid SIM card and some effort, you can make them block a whole legit ISP in a few days without spoofing anything.


But the SIM card would need to be from the particular ISP you are trying to block, otherwise you would be coming out of a different ISP's CGNAT range, no?


Yeah, but many ISPs, especially smaller ones, have the same pool of IP addresses for all of their users in that 'region' (for whatever size and definition of a "region").

So with some effort, reconnections from/to a mobile network and many TCP/IP connections, you can achieve that your device is connecting to the attacked site with many different (if not all) IP addresses from the ISP's pool, and if each of those is blocked, none of the legit users (using the same IP address pool) can access those services anymore.

Look at services like DigitalOcean with cheap virtual machines... even Amazon... so many of their IP addresses were used for something "bad" and got blocked, that running a legit service on any of them can mean that a portion of your potential users won't be able to access them, because they'll be on some block list somewhere.
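
One way a site operator could limit the collateral damage described in this thread, shown as an added example that is not part of any comment above: blocks on addresses inside known shared (CGNAT or mobile egress) pools expire quickly, and once too much of one pool is blocked, further blocks are routed to review instead of being applied. The `Blocklist` class, the `SHARED_POOLS` list, the TTLs and the 25% threshold are all hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample: a public pool the operator knows is shared by many
# subscribers. An RFC 5737 documentation range stands in for a real ISP pool.
SHARED_POOLS = [ipaddress.ip_network("203.0.113.0/28")]


class Blocklist:
    """IP blocklist with expiring entries and a per-pool saturation guard."""

    def __init__(self, ttl=3600, shared_ttl=300, max_pool_fraction=0.25):
        self.ttl = ttl                      # seconds, ordinary addresses
        self.shared_ttl = shared_ttl        # seconds, addresses in a shared pool
        self.max_pool_fraction = max_pool_fraction
        self.expiry = {}                    # ip -> time at which the block ends

    def _pool_of(self, ip):
        return next((net for net in SHARED_POOLS if ip in net), None)

    def _active_in(self, pool, now):
        return sum(1 for ip, end in self.expiry.items() if end > now and ip in pool)

    def is_blocked(self, addr, now):
        return self.expiry.get(ipaddress.ip_address(addr), 0) > now

    def block(self, addr, now):
        """Return 'blocked', 'blocked-short' or 'review' for a block request."""
        ip = ipaddress.ip_address(addr)
        pool = self._pool_of(ip)
        if pool is None:
            self.expiry[ip] = now + self.ttl
            return "blocked"
        already = self.expiry.get(ip, 0) > now
        limit = self.max_pool_fraction * pool.num_addresses
        # Refuse to let automated blocks cover more than the allowed share of a
        # pool: beyond that point the block mostly hits legitimate subscribers.
        if not already and self._active_in(pool, now) >= limit:
            return "review"
        self.expiry[ip] = now + self.shared_ttl
        return "blocked-short"


if __name__ == "__main__":
    bl = Blocklist()
    for host in range(1, 7):
        addr = f"203.0.113.{host}"
        print(addr, bl.block(addr, now=0))
```
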



