Home page logo

basics logo Security Basics mailing list archives

Blocking IP's / e-com fraud
From: "Dan Tesch" <dan.tesch () comcast net>
Date: Wed, 29 Dec 2004 19:44:38 -0600

Hello, I am working with an e-commerce company.
They get a fair amount of attempted fraud but do a
decent job at ferreting this out during order processing.

There are several persons who attempt orders over
and over again - we can track their IP and the e-mail
address they attempt to use - we have blocked single
IP's in IIS before but one person in particular keeps
coming back placing small orders (like $40), our
suspicion is they are probing.

I have several questions:

Is there a resource anyone knows of to search for IP's
like this and/or e-mails people consistently use for fraud?
(Google hasn't been any help at all)

The person I referenced before keeps coming from different
IP's but all from the same range (home user with DHCP?)

In IIS if I want to block an entire range like:

XXX.78.0.0 - XXX.83.255.255

how should that look in the IIS Mgr?

do I need to make multiple entries like:
XXX.80.0.0, etc.?

and what should the subnet masks look like?

Thanks for any help or reference.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]