Who's to say they aren't operating their own TOR nodes?
Which overlay network would you bet on?
When I worked in telecom, I did this at an ISP level (serving us, multiple ISP clients, and many hosted domains). It worked until we discovered that many US companies were buying blocks in those regions and not updating WHOIS information. So the IP was still technically homed in that country despite being used and routed in a US-based DC. Kinda sucks to do an IP lookup, have it marked as RIPE or AFRINIC, with a corresponding address in that region, and find out that the delegated owner is Bank of America or UPS and the route points to AWS-West or other equivalent.
Generally, geoblocking has been a customer-side implementation. But to me, it's never really made sense, as a block at the ISP level would save the ISP bandwidth and also serve the customer better.
So I finally got someone on the phone at Charter/Spectrum that was able to do exactly this by pushing a script to the modem to only allow domestic traffic. Now, you can't even ping the IP from outside the US (in the brief testing that I've been able to do).
Anyone else had something like this set up with their ISP? Who did you talk to that made it happen and which ISP was it? I have 2x other ISP accounts I oversee and am going to see if they can implement the same thing.
I just got off the phone with Charter/Spectrum residential and they couldn't implement the same solution that the business side was able to do, so this may vary even with the type of connection one has.
Yep, it's definitely not foolproof and very easy to circumvent (hack a US host and use their IP), but it does eliminate most of the low hanging fruit.
When I worked in telecom, I did this at an ISP level (serving us, multiple ISP clients, and many hosted domains). It worked until we discovered that many US companies were buying blocks in those regions and not updating WHOIS information. So the IP was still technically homed in that country despite being used and routed in a US-based DC. Kinda sucks to do an IP lookup, have it marked as RIPE or AFRINIC, with a corresponding address in that region, and find out that the delegated owner is Bank of America or UPS and the route points to AWS-West or other equivalent.
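The registry-versus-routing mismatch described in the telecom post above, as an added example that is not part of the original thread: it builds a country filter from records in the RIR delegated-statistics format and sends a prefix to review instead of blocking it when it is registered abroad but observed in an allowed country. The sample records use documentation prefixes and are constructed, and the `OBSERVED` table is a hypothetical stand-in for your own routing or traceroute data.

```python
import ipaddress

# Constructed sample in the RIR delegated-statistics format:
# registry|cc|type|start|count|date|status (documentation prefixes only)
DELEGATED = """\
ripencc|DE|ipv4|192.0.2.0|256|20100101|allocated
afrinic|ZA|ipv4|198.51.100.0|256|20120101|allocated
arin|US|ipv4|203.0.113.0|256|20090101|allocated
"""

# Hypothetical observations of where a prefix is actually routed or hosted.
OBSERVED = {"198.51.100.0/24": "US"}


def parse_delegated(text):
    """Return [(network, registry, country)] for IPv4 delegation records."""
    table = []
    for line in text.splitlines():
        f = line.split("|")
        # Skips the version header, summary lines and non-IPv4 records.
        if len(f) < 7 or f[2] != "ipv4" or f[6] not in ("allocated", "assigned"):
            continue
        first = ipaddress.IPv4Address(f[3])
        last = first + int(f[4]) - 1  # count is not always a power of two
        for net in ipaddress.summarize_address_range(first, last):
            table.append((net, f[0], f[1].upper()))
    return table


def classify(ip, table, allowed=("US",), observed=OBSERVED):
    """Return 'allow', 'block' or 'review' for one source address."""
    addr = ipaddress.ip_address(ip)
    for net, _registry, country in table:
        if addr in net:
            if country in allowed:
                return "allow"
            if observed.get(str(net)) in allowed:
                return "review"  # registered abroad, seen routed domestically
            return "block"
    return "block"  # no delegation record: treat as not allowed


if __name__ == "__main__":
    table = parse_delegated(DELEGATED)
    for ip in ("203.0.113.7", "192.0.2.9", "198.51.100.20"):
        print(ip, classify(ip, table))
```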
I think you answered your own question on why this isn't done
Yep, it's definitely not foolproof and very easy to circumvent (hack a US host and use their IP), but it does eliminate most of the low hanging fruit.
I don't really think it has no value as it's yet another hoop to jump through. No different than locks on doors.
I think you answered your own question on why this isn't done
- no real value. any serious attempt to scan/hack you will just as easily come from 'on-shore'
- no real protection against phishing or other attacks. a person who is rushing to click on 'you wouldn't believe what she (actress XYZ, whatever) was wearing! spectators were shocked!', would continue to click on these things as lemmings.
- massive administrative overhead, why is my stuff not working? prove to me that it was not you, ISP, that broke it, etc.
- against the approach that internet/connectivity is a utility. traffic is traffic same as energy is energy, electricity is electricity - there is no such thing as pink electrons/electricity, green electrons, brown electrons, whatever. power is power. applies very much to 'belief' in "green power" vs whatever power - electric power is electric power, physics does not care about our politics. same as there is no green gravity or pink gravity or blue gravity, it is just gravity.
- lastly, it could be very economically damaging to US if/when other powers would respond in kind. You block traffic between US and anything outside of it? how about we then block anything coming from or passing through US? you had some commerce before - it is gone. payment systems (google, apple, amazon, paypal, whatever) - gone. social networks and their advertisement? all gone. jobs associated with all of the above and with FAANG in particular - gone. Good luck to be limited to serving your 4% of the world population (US population vs global) and 16% (and decreasing YoY) of the world's GDP. I don't want that for my country, we greatly benefit from being global and much prefer for trade/traffic/communication to be as open and connected as possible.
in short, overall little value for a lot of pain -> thus no movement.
few things to say
Except that Internet isn't a utility or it would be treated and regulated as one. These are private companies that don't answer to anyone but themselves. Utilities have a lot more regulatory responsibility and controls. The day this changes, things like mitigating cyberwarfare attacks before it gets to the citizens will come within their scope--for the good of the whole nation.