Block Connections from Consumer VPN networks at gateway

We have a web server behind an AWS Load Balancer. We’d like to block any host from accessing our web server if they are connecting from a Consumer VPN style network. We’ll also be doing some geo-location blocking too which we can do with AWS WAF.

For blocking Consumer VPN networks, does anyone know the easiest/fastest way to obtain a listing of CIDR blocks registered to Consumer VPN companies? I have a list of IPs that I can do a WHOIS on and find the registered block, but that wouldn’t give me all of the networks out there. I’d have to do quite a bit of WHOIS searching and guessing to build it manually. If there’s a resource out there that could help me with this endeavor that’d be great.

Entire network trojanned? UDP Port 6666 connections

While analyzing a Wireshark capture, I noticed that a large majority of hosts on my network were making MANY UDP connections to port 6666. After a quick Google search, I learned this port is commonly used as a backdoor Trojan. Also, all connections on this port were to destination IP 255.255.255.255, meaning the entire network. I’ve heard that port 6666 is a common IRC port, but no one on my network is using IRC. Any ideas?

Connections that never end…

Probably THE biggest annoyance about Scrapebox for me has been situations where a job refuses to end (even when you press stop) due to open connections.  This monster rears its head in several places, but most often when running Check Links on a bunch of domains.

I’ve tried everything…
  – reducing the number of connections to a crawl
  – waiting for hours (and even a full day)
  – hitting stop and waiting
  – Shutting down Scrapebox and trying it again (and again and again)
  – Writing the vendor
…and more

Nothing seems to help.

Right now, for example, I have a list of about 100,000 urls that I want to link check. The first pass made it through just fine. It found about 7000 successful links.  I’ve found that I often need to run several more passes to check all the urls so I ran it a second time (with 150 threads)…it choked up leaving me 113 open threads when I returned a few hours later.  I tried it again…same result.  I tried it again with 90 threads…same result.  I’m in the middle of some other gymnastics at the moment.

I wrote the creator a few months ago and his answer really didn’t seem satisfying….and could be summed up as “Yeah, there’s no way to close down threads that remain open on Windows”.  First and foremost, that seems almost inconceivable. Surely there is some software way to simply terminate threads (especially after a period of time or after hitting stop).  I can’t imagine that Windows forces threads to remain open….indefinitely.  But….the second issue is….  Even if the above were true and there’s no way to force threads to close, I should at least be able to regain control of Scrapebox so I can save the data that just took hours to collect.  I mean, when harvesting I’m able to save the URLs on a periodic basis (like every 10,000 for example)….and there’s always the files in the /Harvester_Sessions directory.  With Check Link, though, it seems like I cannot get any such files.  If the Active Threads ceases (as it often does), I’m just out of luck.  I cannot get a listing of my successful/unsuccessful links.  I simply have to start over…and over…and over….sometimes finally taking the time to split up my large lists and processing them in groups of 10,000 instead of 100,000+.  This is very time consuming.

Surely there is some reasonable, better way?  Maybe I’m still not getting something fundamental?

Again, it’s inconceivable to me that simply hitting stop doesn’t…..uhmmm….stop.  It’s inconceivable that Windows forces the threads to remain open with no option of forcibly closing them and even more inconceivable that I cannot save my data when this happens (and have to simply shut down the Scrapebox task).

So that’s my rant today as I’m now experimenting with the forty-leventh method that I’m hoping might skirt this issue.

Any thoughts, ideas?

I want to delete connections in tnsnames.ora. I need to figure out which ones are currently in use, so that I don’t delete them mistakenly


I’m using Oracle 12c in Debian 8 (on a vm)

This question is for educational purposes only. I’m not using any production servers, so anything that you can tell me won’t have consequences.

To start with, I found this link to delete registers in tnsnames.ora. I didn’t test it yet because first, I needed to know if there were active connections in the database using the information of the tnsnames.ora.
I’m asking here because I found no way of doing this, but it may be possible to do it.

For you to know, I’m using this command for connecting to the database, so that I clearly specify a tnsname

rlwrap sqlplus sys as sysdba@tnstest 

The contents of my tnsnames.ora are the following

tnstest =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1539))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
  )

But, if I want to be 100% sure that this is working, I use this command

tnsping tnstest 

Which results are…

TNS Ping Utility for Linux: Version 12.2.0.1.0 - Production on 28-JAN-2020 23:51:38
Copyright (c) 1997, 2016, Oracle.  All rights reserved.
Used parameter files:
/opt/oracle/product/12.1.0.2/dbhome_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1539))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))
OK (0 msec)

After all of this I know that my configuration is working, I’m using a register in tnsnames.ora for the connection, but I don’t know a way of checking…
“Hey, now that I’m connected, I want to know which register I used from the tnsnames file for connecting, if I used that file of course”

Is there any possibility that I could get this information?

Well, my next attempts at figuring this out were checking the v$session view to see if there was any field that I could use to get this information, but I couldn’t find one.

After all of this, ultimately, I came here to ask. I don’t know what else to try, nor do I have more ideas of what I should do next.

P.S: there’s a chance that this problem is impossible to solve, because this is a task I’m doing as a sysadmin student, and our teacher intentionally added unsolvable questions.
Even so, I still think there might be a solution for this particular case
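
Added example, not part of the original post: a small parser for the tnsnames.ora format shown above that maps each alias to the service it resolves to, so the entries can be compared against the SERVICE_NAME values visible in v$session. The second alias and the list of active services are constructed sample data; the comparison is by service, so two aliases pointing at the same service cannot be told apart this way.

```python
import re

# Sample input: the page's tnstest entry plus a constructed second alias.
SAMPLE_TNSNAMES = """
tnstest =
  (DESCRIPTION =
    (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1539)))
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = orcl)))
# constructed alias, not from the page
unused_alias = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
  (CONNECT_DATA = (SERVICE_NAME = reports)))
"""

ALIAS = re.compile(r"([\w.,\-]+)\s*=\s*\(")                      # "alias = (" at top level
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s][^()]*?)\s*\)")    # innermost (KEY = value)

def parse_tnsnames(text):
    """Return {alias: {"hosts": [...], "ports": [...], "service": str or None}}."""
    text = re.sub(r"#[^\n]*", "", text)           # drop comments
    entries, pos = {}, 0
    while (m := ALIAS.search(text, pos)):
        depth, i = 0, m.end() - 1                 # i sits on the opening "("
        while i < len(text):                      # walk to the matching ")"
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
            if depth == 0:
                break
        leaves = LEAF.findall(text[m.end() - 1:i])
        get = lambda key: [v for k, v in leaves if k.upper() == key]
        service = get("SERVICE_NAME") or get("SID")
        for alias in m.group(1).split(","):       # "a,b = (...)" defines two aliases
            entries[alias.lower()] = {"hosts": get("HOST"), "ports": get("PORT"),
                                      "service": service[0] if service else None}
        pos = i
    return entries

def aliases_for_services(entries, active_services):
    """Aliases whose service matches a SERVICE_NAME currently seen in v$session."""
    active = {s.lower() for s in active_services}
    return sorted(a for a, e in entries.items() if (e["service"] or "").lower() in active)

if __name__ == "__main__":
    parsed = parse_tnsnames(SAMPLE_TNSNAMES)
    # Constructed stand-in for: SELECT DISTINCT service_name FROM v$session
    print(aliases_for_services(parsed, ["orcl", "SYS$USERS"]))
```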

How to sniff direct websocket connection in android ( i.e. no HTTP Upgrade connections ) using BURP?

I’ve pentested a lot of websites and a few apps too but this app eludes them all. On the websites, when there’s a websocket upgrade the BURP proxy recognizes it and starts showing it in the websockets tab. Somewhat similar happens on the apps, but not on this one.

This app doesn’t do any such thing.

How this app works :

  1. Gets its websocket endpoints from a config, downloaded from a website. Then ‘mysteriously’ it makes a connection to the websocket server, which isn’t visible in the BURP proxy.

My Setup :

  1. Rooted phone with frida running and objection framework for ssl unpinning ( although not needed here, as I am already able to see all the http(s) traffic from the app ).

FYI I’ve added my BURP cert as root authority in my android 7.0 phone.

I’ve also tried ‘invisible proxying’ ( not sure how it works ); it didn’t work either.

Any ideas would help ?

Thanks.

Connecting clients with UDP and WebSocket connections

I’m in the process of making a physics intensive multiplayer game. Naturally I use UDP to transfer packets regarding rigidbodies between client and an authoritative server.

However, for non-essential packets I’d prefer to use a more reliable connection like WebSockets. This would be for things like voice chat, text chat, scoreboard, etc. It also seems to be a nice approach to checking if the client is still connected and if not, stop sending it UDP packets.

I’m actually unable to find use cases of this dual connection approach online and I was wondering how this is typically handled in similar games. Is it very far fetched or unconventional?

Another question would be how far do I take relying on the WebSocket connection? Let’s say for managing remaining bullets in a gun’s magazine, would it be better over UDP or WebSocket?

I feel like WebSockets would be best in this case because if the bullet was successfully spawned and the server needs to remove a bullet from the client’s gun’s magazine, if that packet doesn’t arrive at the client, then they shot a free bullet…

The UDP equivalent for this scenario would be to always send the client’s magazine state as packets and the client just updates its magazine whenever the packets get to them. My concern here is overloading the network with traffic data that might not have even changed…