These ranges all earned their block through various bad behavior; however, I cannot define exactly what the term ChinaCache means. Is it truly a caching service used by valid networks similar to AOL? Or is it an anything-goes term more like YahooCache that gets sold to the highest bidder?
Not sure how true this is - there is some indication it may be a panic attack. From memory and checking back on earlier threads hereabouts (see above) I think Huawei is involved with chinacache - they were certainly involved with talktalk.
"...former Pentagon analyst F. Michael Maloof claims that two mainland Chinese companies: Huawei and ZTE Technologies are providing the Chinese government with the ability to access deployed equipment and services, which are used by 45 of the top 50 telecommunications centers in the world. This, Maloof argues, gives the Chinese government and People’s Liberation Army unbridled, backdoor access into data and proprietary information belonging to some 140 nations."
IF it is true then we're doomed. Not that the internet isn't a total mess anyway, with almost every phone, web browser, web tool and general computer software full of compromises and loopholes and its very protocol complete exploitable rubbish. Reports that USA-overflying drones will soon be seen and have major exploit holes; even our (UK) electricity meters will soon be internetted and then we're really stuffed. :(
I noticed a bad hit today on an IP range new to me...
This resolved to ChinaCache in China, declared in DNS in short sub-ranges. It may not be an offensive botrunner, although the actual hit had a bad UA and hit half a dozen times in the past 6 weeks, but I've tagged the full range as "servers" through nostalgia. :)
IP: 223.202.8.nn UA: Mozilla/4.76 [en] (Windows NT 5.0; U) (Netscape on Windows 2000?)
DNS gives: Beijing Blue I.T Technologies Co.,Ltd. Galaxy Building,No.10 jiuxianqiao ,chaoyang District,beijing Please contact (name)@chinacache dot com if you have any Questions regarding this object.
I find there are good and bad Chinese ranges. Some give me no trouble; other ranges are continually having IPs blocked.
Best I can come up with at present is by district. Some Chinese districts seem - not lawless, perhaps, but at least careless about getting infected.
My response is to block all (known) Chinese ranges on some sites but let other sites fend for themselves (obviously depending on various other traps set). If a range gets a high blocked-IP count, the /16 or whatever is banned completely.
I do try to be fair. :)
Re: /8 blocking - I think IANA have a lot to answer for. Along with most internet practices and protocols, it's not very clever. Somewhere around the mid-1990s it should all have been scrapped and proper mechanisms, ranges, protocols etc. put in place. Bit late now, although IPv6 may answer a few minor criticisms. Plus ALL DNS registrations should be forced to declare purpose (DSL, server etc.) and NO IP range should be registered using hotmail/gmail/yahoo/etc. addresses (unless, obviously, the range belongs to those companies). And ALL companies should be compelled to declare their mail server IPs so I can whitelist the darn things. Etc. :(
Until the late 1990s we had AUNIC with its own delegated super slice of 203 (18.104.22.168 - 22.214.171.124 IIRC), so detecting an Aussie was reasonably easy. There were still a few webmasters that thought blocking 126.96.36.199/8 was the easy answer to getting rid of Chinese IPs, though.
Things are nowhere near as simple these days now that APNIC allocates IPs for members located throughout the entire Asia Pacific region, so blocking Chinese or other unwanted Asian IPs needs to be done on a per-allocation basis.
FWIW I've been having lots of problems with scrapers from Chinese IPs that present a 'zh' (Chinese) browser language. I set up my auto-blacklist code (which looks for fingerprints such as loads with blank referers, cookies disabled, or a changing user-agent each fetch) to have a much lower threshold in this case.
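An added illustration (not the poster's own script) of the auto-blacklist logic described in the post above: per-IP scoring of blank referers, disabled cookies and a User-Agent that changes between fetches, with a lower threshold when the client advertises a 'zh' browser language. The record format, weights, thresholds and sample traffic are assumptions made for the example.

```python
"""Example auto-blacklist scorer modelled on the heuristics in the post above.
Added example code, not the poster's script; record format, weights,
thresholds and sample traffic are assumed values."""
from collections import defaultdict

DEFAULT_THRESHOLD = 6   # assumed score at which an IP is blacklisted
ZH_THRESHOLD = 3        # assumed lower threshold for a 'zh' Accept-Language


def score_requests(requests):
    """Aggregate a suspicion score per IP from request dicts with the keys
    ip, ua, referer, cookies_enabled, accept_language. Returns the scores
    and the set of IPs that advertised a Chinese browser language."""
    scores = defaultdict(int)
    last_ua = {}
    zh_seen = set()
    for r in requests:
        ip = r["ip"]
        if r["referer"] == "":
            scores[ip] += 1            # page load with a blank referer
        if not r["cookies_enabled"]:
            scores[ip] += 1            # cookies refused
        if ip in last_ua and last_ua[ip] != r["ua"]:
            scores[ip] += 2            # User-Agent changed since last fetch
        last_ua[ip] = r["ua"]
        if r["accept_language"].lower().startswith("zh"):
            zh_seen.add(ip)
    return dict(scores), zh_seen


def blacklist(requests):
    """Return the IPs whose score reaches their applicable threshold."""
    scores, zh_seen = score_requests(requests)
    return {ip for ip, s in scores.items()
            if s >= (ZH_THRESHOLD if ip in zh_seen else DEFAULT_THRESHOLD)}


# Constructed sample traffic using documentation address space, not real logs.
NS_UA = "Mozilla/4.76 [en] (Windows NT 5.0; U)"
SAMPLE = [
    {"ip": "203.0.113.10", "ua": NS_UA, "referer": "", "cookies_enabled": False, "accept_language": "zh-CN"},
    {"ip": "203.0.113.10", "ua": NS_UA, "referer": "", "cookies_enabled": False, "accept_language": "zh-CN"},
    {"ip": "198.51.100.7", "ua": "curl/7.0", "referer": "", "cookies_enabled": False, "accept_language": "en-US"},
    {"ip": "198.51.100.7", "ua": "curl/7.0", "referer": "", "cookies_enabled": False, "accept_language": "en-US"},
    {"ip": "198.51.100.20", "ua": "UA-A", "referer": "", "cookies_enabled": True, "accept_language": "en-US"},
    {"ip": "198.51.100.20", "ua": "UA-B", "referer": "", "cookies_enabled": True, "accept_language": "en-US"},
    {"ip": "198.51.100.20", "ua": "UA-C", "referer": "", "cookies_enabled": True, "accept_language": "en-US"},
    {"ip": "192.0.2.5", "ua": "Mozilla/5.0 (X11; Linux) Firefox", "referer": "https://example.com/", "cookies_enabled": True, "accept_language": "en-GB"},
]

if __name__ == "__main__":
    print(sorted(blacklist(SAMPLE)))   # ['198.51.100.20', '203.0.113.10']
```

The two identically behaving clients (203.0.113.10 and 198.51.100.7) both score 4; only the 'zh' one crosses its lowered threshold, while the rotating-UA client is caught by the default threshold alone.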