Blocking IP's / e-com fraud
From: Dan Tesch (dan.tesch_at_comcast.net)
Date: 12/30/04
- Previous message: Bénoni MARTIN: "NTLM authentication with Linux"
- Next in thread: Allan Wind: "Re: Blocking IP's / e-com fraud"
- Reply: Allan Wind: "Re: Blocking IP's / e-com fraud"
- Reply: Stian Øvrevåge: "Re: Blocking IP's / e-com fraud"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <security-basics@securityfocus.com> Date: Wed, 29 Dec 2004 19:44:38 -0600
Hello, I am working with an e-commerce company.
They get a fair amount of attempted fraud but do a
decent job at ferreting this out during order processing.
There are several persons who attempt orders over
and over again - we can track their IP and the e-mail
address they attempt to use - we have blocked single
IP's in IIS before but one person in particular keeps
coming back placing small orders (like $40), our
suspicion is they are probing.
I have several questions:
Is there a resource anyone knows of to search for IP's
like this and/or e-mails people consistently use for fraud?
(Google hasn't been any help at all)
The person I referenced before keeps coming from different
IP's but all from the same range (home user with DHCP?)
In IIS if I want to block an entire range like:
XXX.78.0.0 - XXX.83.255.255
how should that look in the IIS Mgr?
do I need to make multiple entries like:
XXX.78.0.0
XXX.79.0.0
XXX.80.0.0, etc.?
and what should the subnet masks look like?
Thanks for any help or reference.
- Previous message: Bénoni MARTIN: "NTLM authentication with Linux"
- Next in thread: Allan Wind: "Re: Blocking IP's / e-com fraud"
- Reply: Allan Wind: "Re: Blocking IP's / e-com fraud"
- Reply: Stian Øvrevåge: "Re: Blocking IP's / e-com fraud"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
