Closed jswelker closed 6 years ago
Hi Josh, Thanks for the suggestion!
So are you thinking about a list of university IPs that have been used for fraudulent activity, submitted to the blacklist by users, but not added to the blacklist itself? I've always encouraged folks that submit such IPs to reach out to the school and make them aware of the potential breach, providing them with the relevant log entries. I think this could be manageable, though I wonder if institutions would take offense to being on the list. =)
Or are you thinking about a larger project that is a list of all known university IPs? If so, a similar idea has been kicked around on the EZproxy listserv several times, and something I've considered myself. Below are a few previous examples I have found. My two concerns about this project are:
1. Management overhead - I'm not sure I have the time to maintain such a list on my own.
2. There are legitimate reasons a user would be at University A and logging into University B's proxy, such as visiting scholars doing research or conference attendees. Though it is common for VPNs to be used to hide a hacker's location.
One example: https://github.com/bertrama/ezproxy-config Another example: https://bitbucket.org/pieralexandre/world-university-ip/wiki/Home
Cheers, Paul
I was thinking of the latter option, just a big list of all known university IPs. It would be very bulky for one person to manage, I suppose. Without it, I'm not sure how we create a blacklist that doesn't accidentally include many university IPs. I guess we could just run them through a WHOIS before adding them and omit them if a university name comes up.
@jswelker: Without it, I'm not sure how we create a blacklist that doesn't accidentally include many university IPs.
You could occasionally ask for users on the EZproxy mailing list to make sure that their IPs are not included. It's not foolproof, but it's a start.
On a related note, I see that our ranges are in these files:
https://github.com/prbutler/EZProxy_IP_Blacklist/blob/master/EZProxy_IP_Blacklist_RejectIP.txt
https://github.com/prbutler/EZProxy_IP_Blacklist/blob/master/EZProxy_IP_Blacklist_IFIP.txt
Is there any way that we can see what incident(s) caused them to be listed? I'm happy to spin off a separate issue for this or contact (or be contacted) directly if that helps.
@jswelker At the start of this project I received dozens of text files, spreadsheets, PDFs, and emails with thousands of addresses from listserv members. It took time to clean up, but it was manageable, and this was the initial set of blacklist IPs. Since the initial rush, IPs come in as a trickle, usually one or two IPs per email. In this scenario it is super easy for me to do a manual lookup using https://www.iplocation.net. If a user submits an IP from a school I let the sender know and do not add it to the list. This workflow only becomes problematic when I get a large list of IPs. I think your set was the largest collection I received in a year or two. It was just manageable enough to manually look up all the single IPs.
So in terms of my own workflow, having a large list of university IPs we maintain isn't particularly needed right now. If several members of the community come forward expressing interest/need for such a list with volunteers willing to help manage it I would be happy to work on such a project.
@atc0005 I like this idea, and I do occasionally have folks reach out to me asking to remove an IP. It is always from the initial massive creation/load of the list.
If you want to send me (prbutler@bsu.edu) your IP(s) that are on the list I can look back through my notes and see when/who submitted them. I can also be sure to remove them during the next update.
Looks like we are good. Thanks for your assistance. Cheers, Paul
Hi Paul,
You mentioned some of my submissions matched known university IP ranges. Do you think we could add another document to this repository listing those ranges so we can avoid submitting those in the future?
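The check discussed in this thread, holding back submitted addresses that fall inside a known institutional range instead of adding them to the blacklist, sketched as an added example that is not part of the original thread or the project's own tooling. The range-list format, the institution names and all addresses (documentation-only blocks) are constructed for illustration.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation blocks standing in for a
# community-maintained list of institutional ranges (format is an assumption).
KNOWN_RANGES = """
# institution, range
Example University A, 192.0.2.0/24
Example University B, 198.51.100.64-198.51.100.127
"""

# Constructed submissions: single IPs, a start-end range, and a malformed entry.
SUBMITTED = ["192.0.2.17", "203.0.113.5", "198.51.100.0-198.51.100.70", "not-an-ip"]


def to_networks(spec):
    """Turn 'a.b.c.d', 'a.b.c.d/nn' or 'start-end' into a list of networks."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]


def load_known(text):
    """Parse 'name, range' lines into (network, name) pairs; '#' starts a comment."""
    known = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, spec = line.rsplit(",", 1)
        known.extend((net, name.strip()) for net in to_networks(spec))
    return known


def vet(submissions, known):
    """Split submissions into (addable, held_for_follow_up, invalid)."""
    addable, held, invalid = [], [], []
    for spec in submissions:
        try:
            nets = to_networks(spec)
        except (ValueError, TypeError):
            invalid.append(spec)  # unparsable entries go back to the submitter
            continue
        # Partial overlap counts: a submitted range that merely touches an
        # institutional range is held rather than silently added.
        owners = sorted({name for n in nets for k, name in known if n.overlaps(k)})
        (held.append((spec, owners)) if owners else addable.append(spec))
    return addable, held, invalid


if __name__ == "__main__":
    print(vet(SUBMITTED, load_known(KNOWN_RANGES)))
```

Held entries carry the matching institution name, so the submitter can be told which school to contact with the relevant log entries.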