Windows CE would indicate some kind of portable device. That UA is actually on my 'valid' list. But as you posted, there's no useful rDNS info on this range.

One thing you need to be aware of is that some fairly large corporations use SL as their ISP, so if you want "corporate lunchtime shoppers and visitors," you may have to add some smaller-range exclusions to your larger blocked ranges. In these cases, there generally *is* a useful rDNS lookup on the corporation's range.

Jim

use SL as their ISP

I wasn't aware of this, Jim. Thought large corporations used SL as their website host. This complicates things in terms of blocking huge swaths of IP Addresses.

Gary,
What Jim has explained is likely the EXCEPTION, rather than the rule.

Seem to recall that there are SOME sub-net ranges of SL registered to others.

sub-net searches at ARIN are still possible, however they are more complicated (as well as more restrictive) than in previous years. (I've almost stopped attempting sub-net searches, although do have some saved from previous years; NONE for SL).

Good point, Don. I think my attitude is going to wind up being, if your boss is dumb enough to have as his ISP what is essentially a data center for hosting servers, then you as his employee will get what you deserve. Which is to say you get banned/blocked just like the bots your inconsiderate bosses let loose on my websites. If I lose a little business in the process, so be it. My money sites are mostly all subscription-based hobby sites that I'm sure most people don't surf from work.

It's not necessarily the "ISP" or datacenter services that the corporations make use of. They are essentially renting a "big fat wide internet pipe" -- a connection to the high-tier network backbone. Or perhaps they might host a filtering proxy in the datacenter -- or both.

Anyway, the problem with these 'bandwidth providers' is that they don't seem to monitor the traffic except in gigabytes. They don't look at the HTTP level, which is why we have problems with requests coming from services like these.

Unfortunately, it'll probably get worse and worse as companies outsource their previously-in-house IT functions to service providers, and outsource their computing to 'the cloud.'

Frankly, I block big swaths myself, and then if I see click-throughs to my "More information on this (403) error" page, I investigate and unblock smaller chunks as needed. Some 'bots "click" on that link on my (terse) 403 error page, but they typically then don't fetch anything but the HTML of the "info" page. So it's fairly easy to take that, plus the source and nature of the original request that triggered the 403, plus the request headers, and make a call on bot/no-bot.

Anyway, it was just a heads-up that there might possibly be *some* legit traffic from SL, just like there is some legit traffic from Amazon Cloud -- a few mobile subscriber services.

Jim

OK, thanks, Jim. Your advice is always appreciated. Sorry if it didn't seem like it. :)