Dear List
Having issue in accessing www.coop.ch
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'. (www.coop.ch is not IPv6 yet)
So I supposed a messed up GeoIP Database and changed my SNAT IP a couple of times (all those IP are registered with country=CH @RIPE since decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip) 157.161.57.66 => Ok (a static server ip not used anymore) 157.161.57.68 => Ok (a static client ip) 157.161.57.70 => blocked (alternate NAT ip seldom used) 157.161.5.199 => blocked (Gateway IP, not usually used as src, except local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there are other criteria they use for blocking?
Question is why Geoblocking at all, its a form of Censorship which should be condemned
btw: Even Coop is calling for Globalisation ;)
Just my 5 cent's
Am 28.02.2021 um 12:33 schrieb Benoit Panizzon:
Dear List
Having issue in accessing www.coop.ch
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'. (www.coop.ch is not IPv6 yet)
So I supposed a messed up GeoIP Database and changed my SNAT IP a couple of times (all those IP are registered with country=CH @RIPE since decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip) 157.161.57.66 => Ok (a static server ip not used anymore) 157.161.57.68 => Ok (a static client ip) 157.161.57.70 => blocked (alternate NAT ip seldom used) 157.161.5.199 => blocked (Gateway IP, not usually used as src, except local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there are other criteria they use for blocking?
Hello,
I think it could be a security problem. Coop is working with Money and Points in Switzerland. And in other countries you can't order products. But Coop and Migros clients has attacs to the Points. (Profit and Cumulus form other countries. I think the Blocking is to make a litter saver. And Migros and Coop are not delivery things in other countries... Greetings Xaver
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von roger mgz Gesendet: Sonntag, 28. Februar 2021 14:53 An: swinog@lists.swinog.ch Betreff: Re: [swinog] Coop.ch geoblocking?
Question is why Geoblocking at all, its a form of Censorship which should be condemned
btw: Even Coop is calling for Globalisation ;)
Just my 5 cent's
Am 28.02.2021 um 12:33 schrieb Benoit Panizzon:
Dear List
Having issue in accessing www.coop.ch
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'. (www.coop.ch is not IPv6 yet)
So I supposed a messed up GeoIP Database and changed my SNAT IP a couple of times (all those IP are registered with country=CH @RIPE since decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip) 157.161.57.66 => Ok (a static server ip not used anymore) 157.161.57.68 => Ok (a static client ip) 157.161.57.70 => blocked (alternate NAT ip seldom used) 157.161.5.199 => blocked (Gateway IP, not usually used as src, except local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there are other criteria they use for blocking?
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hello, In the last time more local internet Radios must acitive geoblocking. You can check this too. There is the Problem. The company audion-music.ch. Want money for every transmission which is not in Switzerland. Normaly in Switzerland is the Suisa for this. When you must pay to an other company it will be lot money to pay. And you don't know if other companies will money to... Greetings Xaver
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von roger mgz Gesendet: Sonntag, 28. Februar 2021 14:53 An: swinog@lists.swinog.ch Betreff: Re: [swinog] Coop.ch geoblocking?
Question is why Geoblocking at all, its a form of Censorship which should be condemned
btw: Even Coop is calling for Globalisation ;)
Just my 5 cent's
Am 28.02.2021 um 12:33 schrieb Benoit Panizzon:
Dear List
Having issue in accessing www.coop.ch
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'. (www.coop.ch is not IPv6 yet)
So I supposed a messed up GeoIP Database and changed my SNAT IP a couple of times (all those IP are registered with country=CH @RIPE since decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip) 157.161.57.66 => Ok (a static server ip not used anymore) 157.161.57.68 => Ok (a static client ip) 157.161.57.70 => blocked (alternate NAT ip seldom used) 157.161.5.199 => blocked (Gateway IP, not usually used as src, except local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there are other criteria they use for blocking?
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Censorship is a third party forbidding you access to some information. Someone saying I only want grant access to my information/website to some people is at their discretion. That is, if some othortity would tell Coop to restrict access, they would otherwise give, then itt's censorship.
Why would I even say this: Because if you muddle the meanings of censorship you essentially are normalizing censorship. If everything is censorship, than nothing is censorship.
Best Serge
On 28/02/2021 14:52, roger mgz wrote:
Question is why Geoblocking at all, its a form of Censorship which should be condemned
btw: Even Coop is calling for Globalisation ;)
Just my 5 cent's
Am 28.02.2021 um 12:33 schrieb Benoit Panizzon:
Dear List
Having issue in accessing www.coop.ch
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'. (www.coop.ch is not IPv6 yet)
So I supposed a messed up GeoIP Database and changed my SNAT IP a couple of times (all those IP are registered with country=CH @RIPE since decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip) 157.161.57.66 => Ok (a static server ip not used anymore) 157.161.57.68 => Ok (a static client ip) 157.161.57.70 => blocked (alternate NAT ip seldom used) 157.161.5.199 => blocked (Gateway IP, not usually used as src, except local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there are other criteria they use for blocking?
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
-- Serge Droz Security Lead Proton Technologies AG
157.161.57.65 => blocked (main NAT ip) 157.161.57.66 => Ok (a static server ip not used anymore) 157.161.57.68 => Ok (a static client ip) 157.161.57.70 => blocked (alternate NAT ip seldom used) 157.161.5.199 => blocked (Gateway IP, not usually used as src, except local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there are other criteria they use for blocking?
Perhaps they're using some outdated OS where the distributor never bothered to update the geocoding libraries, even when they were obsoleted upstream, such as [1] :)
Jokes aside, perhaps they also have some sort of blocking heuristic in place that goes beyond plain country-based blocking. Did you do anything from those IPs that could have gotten you onto some (unrelated) blocking lists?
[1] https://rpmfind.net/linux/RPM/centos/7.9.2009/x86_64/Packages/GeoIP-1.5.0-14...
Follow up on this.
They use this service: https://www.brightcloud.com/tools/url-ip-lookup.php
Which list the affected IP in 'high risk' category 'proxy'.
I opened a case with them to find out the cause.
They delistet 157.161.57.65 but not 157.161.57.70. Maybe I should change the PTR of the later one :-). That only was an exit for very short time (immediate abuse complaints).
Also 'Tor' is a separate category. So if my experiments with Tor triggered that issue, why didn't they list it as 'Tor' which they have as a category.
Another cause might be, that I use a transparent proxy to cache some content in my LAN. But that only is accessible from my LAN, but of course this might inject HTTP header indicating the proxy connection.
Also L2TP and PPTP is accessible, so I can access my private ipv4 space from outside. So did they scan for those services and flag it as 'proxy'?
I'm looking forward for their reply.
Hi,
On Wed, Mar 03, 2021 at 10:44:25AM +0100, Benoît Panizzon wrote:
Also L2TP and PPTP is accessible, so I can access my private ipv4 space from outside. So did they scan for those services and flag it as 'proxy'?
Given that PPTP auth is roughly equivalent to "no access control", I'd strongly recommend against using that in 2021...
(https://www.heise.de/security/artikel/Der-Todesstoss-fuer-PPTP-1701365.html - this was 2012)
Gert Doering -- NetMaster
yeah .. blocking connection from an proxy, i step more and more in such crazy sites, mostly i close the session and forgett about it
there are a lot of reason to use a Proxy, i think this is a similar paranoia based behaviour as filtering ICMP echo or worse ICMP at all. i think its just die idea to keep other Admin busy with investigate why the users are not able to open the Page, other explanation i dont have. i will be shure they would even call telnet to www.blick.ch 80 as evil and insecure :D, because Telnet is insecure, they read on PC Bild :D
Roger
On 03.03.2021 10:44, Benoît Panizzon wrote:
Follow up on this.
They use this service: https://www.brightcloud.com/tools/url-ip-lookup.php
Which list the affected IP in 'high risk' category 'proxy'.
I opened a case with them to find out the cause.
They delistet 157.161.57.65 but not 157.161.57.70. Maybe I should change the PTR of the later one :-). That only was an exit for very short time (immediate abuse complaints).
Also 'Tor' is a separate category. So if my experiments with Tor triggered that issue, why didn't they list it as 'Tor' which they have as a category.
Another cause might be, that I use a transparent proxy to cache some content in my LAN. But that only is accessible from my LAN, but of course this might inject HTTP header indicating the proxy connection.
Also L2TP and PPTP is accessible, so I can access my private ipv4 space from outside. So did they scan for those services and flag it as 'proxy'?
I'm looking forward for their reply.
all,
from what I saw within the last years, more and more companies us cloud based proxy services (like e.g. McAfee Cloud proxies). Since these proxies are sometimes misused to produce nonsense (do evil things) on the internet through these proxies, site admins block IPs belonging to that individual proxy - leaving he other IPs belonging to the local (country assigned)cluster's proxies alone, some of the nodes work for certain sites and some not ...
----- Am 3. Mrz 2021 um 22:04 schrieb Roger roger@mgz.ch:
yeah .. blocking connection from an proxy, i step more and more in such crazy sites, mostly i close the session and forgett about it
there are a lot of reason to use a Proxy, i think this is a similar paranoia based behaviour as filtering ICMP echo or worse ICMP at all. i think its just die idea to keep other Admin busy with investigate why the users are not able to open the Page, other explanation i dont have. i will be shure they would even call telnet to www.blick.ch 80 as evil and insecure :D, because Telnet is insecure, they read on PC Bild :D
Roger
On 03.03.2021 10:44, Benoît Panizzon wrote:
Follow up on this.
They use this service: https://www.brightcloud.com/tools/url-ip-lookup.php
Which list the affected IP in 'high risk' category 'proxy'.
I opened a case with them to find out the cause.
They delistet 157.161.57.65 but not 157.161.57.70. Maybe I should change the PTR of the later one :-). That only was an exit for very short time (immediate abuse complaints).
Also 'Tor' is a separate category. So if my experiments with Tor triggered that issue, why didn't they list it as 'Tor' which they have as a category.
Another cause might be, that I use a transparent proxy to cache some content in my LAN. But that only is accessible from my LAN, but of course this might inject HTTP header indicating the proxy connection.
Also L2TP and PPTP is accessible, so I can access my private ipv4 space from outside. So did they scan for those services and flag it as 'proxy'?
I'm looking forward for their reply.
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
-
Benoit Panizzon -
Benoît Panizzon
-
Gert Doering -
Gregor Riepl -
Ralph Krämer -
Roger -
roger mgz
-
Serge Droz -
Xaver Aerni