Summary: | Ipfire connections.cgi is impacted by FastFlux - http://isc.sans.org | ||
---|---|---|---|
Product: | IPFire | Reporter: | Horace Michael (aka H&M) <horace.michael> |
Component: | --- | Assignee: | Peter Müller <peter.mueller> |
Status: | CLOSED FIXED | QA Contact: | |
Severity: | - Unknown - | ||
Priority: | - Unknown - | CC: | michael.tremer |
Version: | 2 | ||
Hardware: | unspecified | ||
OS: | Unspecified |
Description
Horace Michael (aka H&M)
2022-02-27 09:28:54 UTC
While I understood the underlying issue here, I cannot currently reproduce it with 108.138.17.118 (which isc.sans.org resolves to): [root@maverick ~]# location version Wed, 02 Mar 2022 05:46:50 GMT [root@maverick ~]# location lookup 108.138.17.118 108.138.17.118: Network : 108.138.16.0/21 Country : United States of America Autonomous System : AS16509 - AMAZON-02 Anycast : yes Is the faulty behaviour still observable in your system? Good morning Peter, I believe this is a side effect of the bug #12783 (https://bugzilla.ipfire.org/show_bug.cgi?id=12783) After solving bug #12783 the problem (fast flux detection) disappeared - currently my boxes run the patched version of connections.cgi. May I suggest to link this bug with #12783 and also check the patch from #12783? Hope it helps! Late info: since I am in another part of the world, I get different IPs for isc.sans.org: Non-authoritative answer: Name: isc.sans.org Address: 13.225.80.99 Name: isc.sans.org Address: 13.225.80.19 Name: isc.sans.org Address: 13.225.80.77 Name: isc.sans.org Address: 13.225.80.98 Above belong to same AS16509 as you Ip belongs. location lookup 13.225.80.99 13.225.80.99: Network : 13.225.80.0/21 Country : United States of America Autonomous System : AS16509 - AMAZON-02 Anycast : yes [root@ipfire-x86-64 ~]# location version Tue, 01 Mar 2022 05:32:08 GMT But isc.sans.edu is resolved with different IP addresses Non-authoritative answer: Name: isc.sans.edu Address: 45.60.31.34 Name: isc.sans.edu Address: 45.60.103.34 And this belongs to different AS: location lookup 45.60.103.34 45.60.103.34: Network : 45.60.103.0/24 Country : United States of America Autonomous System : AS19551 - INCAPSULA So, I believe that solution from bug #12783 also solved this one... Solved by solution for bug #12783 |