Date:      Tue, 6 Aug 2019 22:09:09 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To:        "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc:        Michael Sierchio <kudzu@tenebras.com>, "ipfw@FreeBSD.org" <ipfw@freebsd.org>, starikarp@dismail.de
Subject:   Re: amazonaws
Message-ID:  <201908070509.x77599mf085976@gndrsh.dnsmgr.net>
In-Reply-To: <201908070459.x774xLDT085942@gndrsh.dnsmgr.net>

> > On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> > freebsd-rwg@gndrsh.dnsmgr.net> wrote:
> > 
> > > > Hi!
> > > >
> > > > Is it possible to block compute.amazonasws.com with ipfw firewall? I
> > > > have a table with many amazonasws IPs but every time when I start
> > > > Firefox it shows the new one (I am checking with tcpdump).
> > >
> > > Since it is almost impossible to keep up with the IP's....
> > >
> > 
> > This is not even remotely true.
> > 
> > https://ip-ranges.amazonaws.com/ip-ranges.json
                            ^^^
> > 
> > is kept up-to-date, and you can subscribe to an SNS topic to be notified of
> > changes:
> 
> That is ALL amazon address space, not the specific "compute.amazonasws.com"
                                                                    ^^^^
> address only.  I do not see how you can derive the valid values of this
> from the presented URL.

Notice the small discrete non-equal domain name?  This is not even
amazon aws at all, only made to look like it:

Domain Name: amazonasws.com
Registry Domain ID: 1907818131_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.psi-usa.info
Registrar URL: https://www.psi-usa.info
Updated Date: 2019-07-01T05:31:07Z
Creation Date: 2015-03-06T19:40:26Z
Registrar Registration Expiration Date: 2020-03-06T19:40:26Z
Registrar: PSI-USA, Inc. dba Domain Robot
Registrar IANA ID: 151
Registrar Abuse Contact Email: domain-abuse@psi-usa.info
Registrar Abuse Contact Phone: +49.94159559482
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: HUSH IP LLC
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: AZ
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: https://contact.domain-robot.org/amazonasws.com
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: https://contact.domain-robot.org/amazonasws.com
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: https://contact.domain-robot.org/amazonasws.com
Name Server: ns1.parkingcrew.net
Name Server: ns2.parkingcrew.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-08-07T05:03:35Z <<<

> 
> > arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged
> > 
> > 
> > 
> > You could put the entire contents, or a portion of it, in an ipfw table and
> > swap tables atomically upon change.
> 
> Which would block ALL amazon hosted services, not just the specific
> that is "compute".
> 
> # drill compute.amazonasws.com
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35891
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 
> ;; QUESTION SECTION:
> ;; compute.amazonasws.com.      IN      A
> 
> ;; ANSWER SECTION:
> compute.amazonasws.com. 600     IN      A       185.53.179.8
> 
> ;; AUTHORITY SECTION:
> amazonasws.com. 172799  IN      NS      ns2.parkingcrew.net.
> amazonasws.com. 172799  IN      NS      ns1.parkingcrew.net.
> 
> ;; ADDITIONAL SECTION:
> ns1.parkingcrew.net.    300     IN      A       13.248.158.159
> 
> 
> Which I believe to be an advertising sprinkler used by all
> sorts of stuff to spam your browser with a random ad page.

Definitely confirmed, each open of the url:
http://compute.amazonasws.com takes you to a new
spam ad

> 
> 
> > -- 
> > 
> > "Well," Brahmā said, "even after ten thousand explanations, a fool is no
> > wiser, but an intelligent person requires only two thousand five hundred."
> > 
> > - The Mahābhārata
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> > 
> > 
> 
> -- 
> Rod Grimes                                                 rgrimes@freebsd.org
> 

-- 
Rod Grimes                                                 rgrimes@freebsd.org
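
The near-miss domain pointed out in this message (amazonasws.com against amazonaws.com) is the kind of thing an edit-distance check over observed hostnames catches. The following is an added example, not code from anyone in the thread; the sample host list is constructed, and taking the last two labels as the registrable domain is a simplifying assumption.

```python
TRUSTED = {"amazonaws.com"}  # domains the operator actually expects to see

def registrable(host: str) -> str:
    """Last two labels of the name. Assumption: only right for suffixes
    like .com; real tooling should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and adjacent transpositions each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalikes(hosts, trusted=TRUSTED, max_distance=2):
    """Return (host, trusted_domain, distance) for near-miss domains."""
    hits = []
    for host in hosts:
        dom = registrable(host)
        if dom in trusted:
            continue  # exact match: the genuine domain
        for good in sorted(trusted):
            d = edit_distance(dom, good)
            if d <= max_distance:
                hits.append((host, good, d))
    return hits

# Constructed sample of observed names; only the first two hostnames
# appear in the thread, the others are made up for the example.
SAMPLE = [
    "compute.amazonasws.com", "ip-ranges.amazonaws.com",
    "lists.freebsd.org", "ec2.amaznoaws.com.",
]

if __name__ == "__main__":
    for host, good, d in lookalikes(SAMPLE):
        print(f"{host}: {d} edit(s) from {good}")
```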
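
For the quoted suggestion of loading a portion of ip-ranges.json into an ipfw table and swapping tables atomically, the sketch below emits the ipfw(8) commands for one service tag. It is an added example, not code from the thread: the table names `aws_block` and `aws_block_new` are hypothetical, the JSON is a constructed sample in the published layout using documentation prefixes, and the live table is assumed to exist already.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (documentation prefixes,
# not real AWS allocations).
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2019-08-07-00-00-00",
 "prefixes": [
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "S3"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "EC2"}]}
""")

def service_networks(doc, service):
    """Collapsed IPv4 and IPv6 networks that the file tags with `service`."""
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in doc.get("prefixes", []) if p["service"] == service]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", []) if p["service"] == service]
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))

def ipfw_swap_commands(doc, service, live="aws_block", staging="aws_block_new"):
    """Fill a staging table, swap it with the live one, then drop the old
    contents, so rules using the live table never see a half-filled table.
    Table names are hypothetical; the live table must already exist."""
    cmds = [f"ipfw table {staging} create type addr"]
    cmds += [f"ipfw table {staging} add {net}"
             for net in service_networks(doc, service)]
    cmds += [f"ipfw table {live} swap {staging}",
             f"ipfw table {staging} destroy"]
    return cmds

if __name__ == "__main__":
    print("\n".join(ipfw_swap_commands(SAMPLE, "EC2")))
```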


