amazonaws
Rodney W. Grimes
freebsd-rwg at gndrsh.dnsmgr.net
Wed Aug 7 05:09:18 UTC 2019
> > On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> > freebsd-rwg at gndrsh.dnsmgr.net> wrote:
> >
> > > > Hi!
> > > >
> > > > Is it possible to bl;ock compute.amazonasws.com with ipfw firewall. I
> > > > have a table with many amazonasws IPs but every time when I start
> > > > Firefox it shows the new one (I am checkong with tcpdump).
> > >
> > > Since it is almost impossible to keep up with the IP's....
> > >
> >
> > This is not even remotely true.
> >
> > https://ip-ranges.amazonaws.com/ip-ranges.json
^^^
> >
> > is kept up-to-date, and you can subscribe to an SNS topic to be notified of
> > changes:
>
> That is ALL amazon address space, not the specific "compute.amazonasws.com"
^^^^
> address only. I do not see how you can derive the valid values of this
> from the presented URL.
Notice the small descrete non equal domain name? This is not even
amazon aws at all, only made to look like it:
Domain Name: amazonasws.com
Registry Domain ID: 1907818131_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.psi-usa.info
Registrar URL: https://www.psi-usa.info
Updated Date: 2019-07-01T05:31:07Z
Creation Date: 2015-03-06T19:40:26Z
Registrar Registration Expiration Date: 2020-03-06T19:40:26Z
Registrar: PSI-USA, Inc. dba Domain Robot
Registrar IANA ID: 151
Registrar Abuse Contact Email: domain-abuse at psi-usa.info
Registrar Abuse Contact Phone: +49.94159559482
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: HUSH IP LLC
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: AZ
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: https://contact.domain-robot.org/amazonasws.com
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: https://contact.domain-robot.org/amazonasws.com
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: https://contact.domain-robot.org/amazonasws.com
Name Server: ns1.parkingcrew.net
Name Server: ns2.parkingcrew.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-08-07T05:03:35Z <<<
>
> > arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged
> >
> >
> >
> > You could put the entire contents, or a portion of it, in an ipfw table and
> > swap tables atomically upon change.
>
> Which would block ALL amazon hosted services, not just the specific
> that is "compute".
>
> # drill compute.amazonasws.com
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35891
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;; compute.amazonasws.com. IN A
>
> ;; ANSWER SECTION:
> compute.amazonasws.com. 600 IN A 185.53.179.8
>
> ;; AUTHORITY SECTION:
> amazonasws.com. 172799 IN NS ns2.parkingcrew.net.
> amazonasws.com. 172799 IN NS ns1.parkingcrew.net.
>
> ;; ADDITIONAL SECTION:
> ns1.parkingcrew.net. 300 IN A 13.248.158.159
>
>
> Which I believe to be an advertising sprinkler used by all
> sorts of stuff to spam your browser with a random ad page.
Defanitly confirmed, each open of the url:
http://compute.amazonasws.com takes you to a new
spam ad
>
>
> > --
> >
> > "Well," Brahm? said, "even after ten thousand explanations, a fool is no
> > wiser, but an intelligent person requires only two thousand five hundred."
> >
> > - The Mah?bh?rata
> > _______________________________________________
> > freebsd-ipfw at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
> >
> >
>
> --
> Rod Grimes rgrimes at freebsd.org
>
--
Rod Grimes rgrimes at freebsd.org
More information about the freebsd-ipfw
mailing list