amazonaws

Rodney W. Grimes freebsd-rwg at gndrsh.dnsmgr.net
Wed Aug 7 05:33:45 UTC 2019


> On Tue, Aug 6, 2019 at 6:23 PM Rodney W. Grimes <
> freebsd-rwg at gndrsh.dnsmgr.net> wrote:
> 
> > > Hi!
> > >
> > > Is it possible to block compute.amazonasws.com with ipfw firewall? I
> > > have a table with many amazonasws IPs but every time when I start
> > > Firefox it shows the new one (I am checking with tcpdump).
> >
> > Since it is almost impossible to keep up with the IP's....
> >
> 
> This is not even remotely true.
> 
> https://ip-ranges.amazonaws.com/ip-ranges.json
> 
> is kept up-to-date, and you can subscribe to an SNS topic to be notified of
> changes:

That is ALL amazon address space, not the specific "compute.amazonasws.com"
address only.  I do not see how you can derive the valid values of this
from the presented URL.

> arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged
> 
> 
> 
> You could put the entire contents, or a portion of it, in an ipfw table and
> swap tables atomically upon change.

Which would block ALL amazon hosted services, not just the specific
that is "compute".

# drill compute.amazonasws.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35891
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 
;; QUESTION SECTION:
;; compute.amazonasws.com.      IN      A

;; ANSWER SECTION:
compute.amazonasws.com. 600     IN      A       185.53.179.8

;; AUTHORITY SECTION:
amazonasws.com. 172799  IN      NS      ns2.parkingcrew.net.
amazonasws.com. 172799  IN      NS      ns1.parkingcrew.net.

;; ADDITIONAL SECTION:
ns1.parkingcrew.net.    300     IN      A       13.248.158.159


Which I believe to be an advertising sprinkler used by all
sorts of stuff to spam your browser with a random ad page.


> -- 
> 
> "Well," Brahmā said, "even after ten thousand explanations, a fool is no
> wiser, but an intelligent person requires only two thousand five hundred."
> 
> - The Mahābhārata

-- 
Rod Grimes                                                 rgrimes at freebsd.org
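
Added example, not part of the original message or any participant's code: the quoted suggestion of loading "a portion of" ip-ranges.json into an ipfw table and swapping it in atomically, sketched in Python. It assumes the published JSON layout (prefixes / ip_prefix / region / service); the sample document is constructed from documentation ranges, and the table names aws_ec2 and aws_ec2_new are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json; the prefixes are
# documentation ranges, not real AWS allocations.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2019-08-07-00-00-00",
 "prefixes": [
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",  "region": "GLOBAL",    "service": "CLOUDFRONT"}
 ],
 "ipv6_prefixes": []}
""")


def select_prefixes(doc, service, region=None):
    """Return collapsed IPv4 networks for one service (and optional region)."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc.get("prefixes", [])
        if p["service"] == service and region in (None, p["region"])
    ]
    # Merge adjacent/overlapping prefixes so the table stays small.
    return sorted(ipaddress.collapse_addresses(nets))


def ipfw_swap_commands(live, nets, staging=None):
    """Build ipfw commands: fill a staging table, swap it in, drop the old set.

    The live table must already exist and be of type addr for swap to work.
    """
    staging = staging or live + "_new"   # hypothetical naming scheme
    cmds = [f"ipfw table {staging} create type addr"]
    cmds += [f"ipfw table {staging} add {n}" for n in nets]
    cmds.append(f"ipfw table {live} swap {staging}")   # atomic replacement
    cmds.append(f"ipfw table {staging} destroy")       # now holds the old set
    return cmds


def covers(nets, addr):
    """True if addr falls inside any selected prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


if __name__ == "__main__":
    ec2 = select_prefixes(SAMPLE, "EC2")
    print("\n".join(ipfw_swap_commands("aws_ec2", ec2)))
    print(covers(ec2, "185.53.179.8"))   # address from the drill output above
```

Running covers() against the address a name actually resolves to, before loading the table, shows whether the selected prefixes would match that traffic at all.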

