On Tue, Jul 01, 2025 at 09:16:02PM -0500, Josh Reynolds via NANOG wrote:
The problem is the bots.
Bots are certainly a problem, but only one of many. There are also enormous cloud operations (*cough*) that are systemic and persistent sources and sinks of abuse and attacks; there are hosting operations that are the same; there are "security researchers" that launch repeated attacks; there's the IOT (which is why the "dumpsterfire" mailing list exists); there are large email operations that source/sink/support spam and phishing; there are ~1000 worthless gTLDs that are overrun with abusers; there are rapacious/abusive AI operations; and there are, unfortunately, a fair number of people pushing idiotic security theater (e.g., captchas, passkeys) that doesn't solve these problems, only (a) covers them up and/or (b) makes them worse. The best solutions I've found for these are combinations of null routing, firewall rules (including geographic restrictions), and members-only web sites. (E.g., dumpsterfire's archive is no longer public because of AI crawlers.) We can't have nice things generously built for the common good any more because there are too many selfish and greedy thugs who don't care about anything except their own wealth, power, and egos. ---rsk