Is it possible to intentionally cause Google and AWS to block my IP address?

It may sound a little weird. I am validating one of my possible research ideas where I want to see if I can intentionally and effectively make websites such as Google and AWS block my IP. By "block", I mean it won’t let me directly access the service, but not necessarily blacklist my IP. For example, the website will ask me to solve a ReCaptcha before I can access its service, instead of telling me service is unavailable.

I know if I send a large number of requests in a short time (i.e., using DoS) it is very likely that I can make it work, but I wonder if there is any other "efficient" way to make it happen. From what I have found here: https://support.google.com/websearch/thread/2596872?hl=en, it mentioned Google may block the following:

  • Sending searches from a robot, computer program, automated service, or search scraper
  • Using software that sends searches to Google to see how a website or webpage ranks on Google
  • Using an app, program or script to perform a large number of searches in a short time

Is it possible that I mimic such a request and cause myself to be blocked in just one or a few requests?

WAF Block issues

We have a web app hosted in AWS. I want users to only reach specific URIs but not the home page of the app. For instance, if the app is reachable at https://mypublicapp.com, I only want the users to access https://mypublicapp.com/submit/d131dd02c5e6eec4/. The "d131dd02c5e6eec4" example hash value is different for different resources. When I take a look at how the app works using the DEV tools of the browser, the "Requested URL" is https://mypublicapp.com/submit?key=d131dd02c5e6eec4/ so the hash is sent as a query string in the headers under the value "key". At this point I could simply use the AWS WAF to inspect the request header and reject everything that has no key as a query string. But the problem is that the web app, which I do not have control over, also does a request to the "/", so if I restrict the home page, I also restrict the access to the submit resource mentioned above. Any ideas on how to do the home block without blocking the resource?

Appreciate. Farid

Would an Antimagic Field block telepathic communication with a familiar?

Ichabod the Inscrutable has an imp familiar and is exploring a dungeon. He comes across a series of trapped rooms that have Antimagic Fields in them, and he wants to send his familiar to explore them. The Antimagic Fields completely fill each room, but do not extend beyond their walls.

Ichabod is currently standing outside of the first room.

Would an Antimagic Field block telepathic communication with a familiar?

Getting numerous HEAD requests by Java user agents to resources that require authentication to view within a web application. Should I block them?

I have recently started using Cloudflare’s firewall in front of a web application. This app has a limited user base of selected applicants and they must log in to view anything. There is no public registration form and nothing within the portal can be accessed without an account.

Since moving the DNS to Cloudflare I can see we are receiving numerous daily HEAD requests to paths that are only accessible within the portal.

These requests come from one of two groups of IP addresses from the United States (we are not a US-based company; our own hosting is based in AWS Ireland region and we’re pretty sure at least 99% of our users have never been US-based):

Java User Agents

  • User agent is Java/1.8.0_171 or some other minor update version.
  • The ASN is listed as Digital Ocean.
  • The IP addresses all seem to have had similar behaviour reported previously, almost all against WordPress sites. Note that we’re not using WordPress here.

Empty User Agent

  • No user agent string.
  • The ASN is listed as Amazon Web Services.
  • The IP addresses have very little reported activity and do not seem at all connected to the Java requests.

Other Notes

  • The resources being requested are dynamic URLs containing what are essentially order numbers. We generate new orders every day, and they are visible to everyone using the portal.
  • I was unable to find any of the URLs indexed by Google. They don’t seem to be publicly available anywhere. There is only one publicly accessible page of the site, which is indexed.
  • We have potentially identified one user who seems to have viewed all the pages that are showing up in the firewall logs (we know this because he shows up in our custom analytics for the web app itself). We have a working relationship with our users and we’re almost certain he’s not based in the US.

I am aware that a HEAD request in itself is nothing malicious and that browsers sometimes make HEAD requests. Does the Java user agent, or lack of a user agent in some cases, make this activity suspicious? I already block empty user agents and Java user agents through the firewall, although I think Cloudflare by default blocks Java as part of its browser integrity checks.

Questions

  1. Is there any reason why these might be legitimate requests that I shouldn’t block? The fact it’s a HEAD request from a Java user agent suggests no, right?

  2. One idea we had is that one of the users is sharing links to these internal URLs via some outside channel, to outsource work or something. Is it possible some kind of scraper or something has picked up these links and is spamming them now? As I say, I was unable to find them publicly indexed.

  3. Is it possible the user we think is connected has some sort of malware on their machine which is picking up their browser activity and then making those requests?

  4. Could the user have some sort of software that is completely innocent which would make Java based HEAD requests like this, based on their web browsing activity?

Any advice as to how I should continue this investigation? Or other thoughts about what these requests are?
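One way to continue the investigation described in the post above, as an added example that is not part of the original post: correlate the firewall-logged HEAD requests with the portal's own per-user page views, to see whose viewing history precedes the requested paths and by how long. The record layouts, user names, paths and IP addresses (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data; field layout is an assumption, not Cloudflare's export format.
# Firewall events: (timestamp, method, path, user agent, ASN name, source IP)
FIREWALL_EVENTS = [
    ("2020-06-01T10:00:40", "HEAD", "/orders/1001", "Java/1.8.0_171", "Digital Ocean", "192.0.2.10"),
    ("2020-06-01T10:05:12", "HEAD", "/orders/1002", "", "Amazon Web Services", "198.51.100.7"),
    ("2020-06-01T11:30:05", "HEAD", "/orders/1003", "Java/1.8.0_171", "Digital Ocean", "192.0.2.11"),
    ("2020-06-01T12:00:00", "GET", "/login", "Mozilla/5.0", "Example ISP", "203.0.113.5"),
]
# In-app analytics: (timestamp, user, path)
APP_VIEWS = [
    ("2020-06-01T10:00:00", "user_a", "/orders/1001"),
    ("2020-06-01T10:04:30", "user_a", "/orders/1002"),
    ("2020-06-01T11:29:50", "user_a", "/orders/1003"),
    ("2020-06-01T10:02:00", "user_b", "/orders/1001"),  # viewed after the HEAD request
]

def is_suspect(method, user_agent):
    """HEAD request with a Java or empty user agent, the pattern in the post."""
    return method == "HEAD" and (user_agent == "" or user_agent.startswith("Java/"))

def correlate(events, views):
    """Map each user to (path, delay_seconds) pairs: the gap between that user's
    most recent view of a path and a later suspect HEAD request for it."""
    views_by_path = defaultdict(list)
    for ts, user, path in views:
        views_by_path[path].append((datetime.fromisoformat(ts), user))
    delays = defaultdict(list)
    for ts, method, path, ua, _asn, _ip in events:
        if not is_suspect(method, ua):
            continue
        seen_at = datetime.fromisoformat(ts)
        latest = {}  # user -> latest view of this path at or before the request
        for viewed_at, user in views_by_path.get(path, []):
            if viewed_at <= seen_at and viewed_at > latest.get(user, datetime.min):
                latest[user] = viewed_at
        for user, viewed_at in latest.items():
            delays[user].append((path, (seen_at - viewed_at).total_seconds()))
    return dict(delays)

def coverage(events, views):
    """Fraction of suspect requests that follow a view by each user."""
    total = sum(1 for _, m, _, ua, _, _ in events if is_suspect(m, ua))
    return {u: len(d) / total for u, d in correlate(events, views).items()}

if __name__ == "__main__":
    print(correlate(FIREWALL_EVENTS, APP_VIEWS), coverage(FIREWALL_EVENTS, APP_VIEWS))
```

A coverage close to 1.0 for one user, with consistently short delays, indicates the requests track that user's browsing rather than a crawl of guessed URLs.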

What security benefit is there in 2020 to block outbound Ping [duplicate]

I’ve researched this and found the following on StackExchange and ServerFault, but they’re very old.

https://serverfault.com/questions/55889/why-block-outbound-icmp

Is it a bad idea for a firewall to block ICMP?

Security risk of PING?

So, as of now (mid-2020), is there any valid security reason to block outbound ping on one’s server?

Block Connections from Consumer VPN networks at gateway

We have a web server behind an AWS Load Balancer. We’d like to block any host from accessing our web server if they are connecting from a Consumer VPN style network. We’ll also be doing some geo-location blocking too which we can do with AWS WAF.

For blocking Consumer VPN networks, does anyone know the easiest/fastest way to obtain a listing of CIDR blocks registered to Consumer VPN companies? I have a list of IPs that I can do a WHOIS on and find the registered block, but that wouldn’t give me all of the networks out there. I’d have to do quite a bit of WHOIS searching and guessing to build it manually. If there’s a resource out there that could help me with this endeavor that’d be great.

Is AES ECB mode safe for one block Encryption then MAC with same key?

I want to do something really basic but I need to be sure that the process is safe:

Problem

Alice and Bob have to agree on a secret 6-digit PIN. They each have a pre-shared AES symmetric key k and an AES-128 block cipher. The PIN will then be used only once secretly.

I want to take care of Man-in-the-Middle.

Solution

  • Alice creates a 128-bit random number: Arand
  • She encrypts Arand with basic ECB(Arand, k) and gets Acipher
  • Again, she encrypts Acipher with ECB(Acipher, k), as a MAC, and gets Amac
  • Alice sends to Bob Acipher|Amac

Bob does the same and sends Bcipher|Bmac to Alice

  • The two of them verify the MAC by encrypting [A|B]cipher and comparing it to [A|B]mac.

  • If the MAC is OK, they decipher [A|B]cipher and get the [A|B]rand of the other.

  • They compute the 6-digit PIN by taking 3 digits in Arand and 3 in Brand.

Question

Is it safe to use ECB mode in this particular case? Is it safe to use the same key for encryption and for the MAC in this case? Is there a much easier solution to only agree on 6 digits?

My answer is: as we use fixed-size, one-block-long messages, it’s OK. Am I right?

I know we shouldn’t imagine our own algorithms ourselves, but this one seems really trivial.

Thanks! Louis

Woocommerce Booking – Display selected block amount or duration

I am using Woocommerce Booking plugin and I would like to display the number of blocks a user is about to book.

E.g.:

  • Create bookable product with 30 minute blocks, min: 1, max: 4
  • User selects start: 9:00, end: 10:30
  • Front end displays calculated price and “3 Blocks”

Is this possible? And how would I go about doing this? Is there a hook or is it a template change?