[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How to exclude a CDN ?



Got the same abuse mail on my exits ... you get a IP depending where
you are so you dont know where the attacker is and thats why you cant
block the IP. You are out of luck.



2016-08-09 18:38 GMT+02:00 Toralf Förster <toralf.foerster@xxxxxx>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Got few times an informal report containing something like:
>
>
>         It is most likely the attack traffic is directed at one of the following endpoints:
>
>         account.sonyentertainmentnetwork.com
>         auth.np.ac.playstation.net
>         auth.api.sonyentertainmentnetwork.com
>         auth.api.np.ac.playstation.net
>
>
> I was just wondering how would somebody handle a request to exclude those IP addresses, b/c 2 attempts to get the affected netwrok gives:
>
> # host account.sonyentertainmentnetwork.com
> account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net.
> account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net.
> e380.b.akamaiedge.net has address 104.109.72.158
>
> #  whois 104.109.72.158 | grep CIDR
> CIDR:           104.64.0.0/10
> CIDR:           104.109.64.0/20
>
>
> and at another system :
>
>
> ~/devel/wireshark $ host account.sonyentertainmentnetwork.com
> account.sonyentertainmentnetwork.com is an alias for account.sonyentertainmentnetwork.com.edgekey.net.
> account.sonyentertainmentnetwork.com.edgekey.net is an alias for e380.b.akamaiedge.net.
> e380.b.akamaiedge.net has address 184.24.193.168
>
> $ whois 184.24.193.168 | grep CIDR
> CIDR:           184.24.0.0/13
> CIDR:           184.24.192.0/20
>
>
>
> - --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iF4EAREIAAYFAleqBwUACgkQxOrN3gB26U7YXQD+PHgO8nVRo01abzdu1P7zC6TZ
> gDMkb+L51zt/k7hBJOsA/0czdSd8p8AnINKx+FP2Gi5ZSjVzzBuUM9o+htw5BdIX
> =Tz+I
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays