Circumventing inbound traffic rule by faking reply traffic

My question is about security groups/firewalls and protecting a virtual private cloud from the external world. Here is a description of VPC default policy for inbound/outbound traffic (on AWS):

Each security group by default contains an outbound rule that allows access to any IP address. It’s important to note that when an instance sends traffic out, the security group will allow reply traffic to reach the instance, regardless of what inbound rules are configured.

I was wondering if there exists an attack vector where a malicious user tries to circumvent the VPC’s inbound policy (i.e. block all traffic) by tricking it into thinking that the incoming traffic is a “reply” traffic? Does such attack have a name in the literature?

I can also think of a scenario where a target machine T (within a VPC) sends a request to some valid server V, but the malicious user M sends a malicious response to T (tricking it into believing that it comes from V) before T receives the actual response from V, thence circumventing T‘s inbound traffic policy.

Does the reply to the Message cantrip have a time/distance limit?

The message cantrip says the following:

You point your finger toward a creature within range and whisper a message. The target (and only the target) hears the message and can reply in a whisper that only you can hear.

The spell itself has a duration of 1 round and a range of 120 feet, but I assume this is for the caster’s “outgoing” message. Is there a time limit or a distance limit on the recipient’s reply?

I ask this because a player claims that the recipient of the message can reply any time in the future at any distance, because the spell does not specify that, and they have therefore used the message cantrip as a way to have an NPC tell them when someone is ready to collect (i.e. casting message on the NPC, with the message being “reply to this message spell when you’re done“).

I believe that the intent is that the recipient is expected to reply straight away, but that isn’t specified. For contrast, the sending spell does specify when the recipient is allowed to respond:

You send a short message of twenty-five words or less to a creature with which you are familiar. The creature hears the message in its mind, recognizes you as the sender if it knows you, and can answer in a like manner immediately.

Sending says that the recipient must reply immediately, whereas message does not specify when the recipient must reply, hence my player claiming that there is no time limit.

Regarding the distance thing, this is also treading on the toes of the sending spell somewhat, except that the caster of message still has to be within 120 feet of the recipient (it’s only the recipient that seems to have no limit on distance), whereas sending allows the caster to be the one to initiate long-distance communication.

Is my player correct? Can the recipient of a message really reply after any length of time after they receive the message, and over any distance?

Possible Scam – reply address appears to be yours

Have received the following email which I believe to be a scam

Internet Crime Complaint Center (IC3) In Partnership with: Swiss National Fraud Relief Center (NFRC) Case/Reference ID: IE3033900045 We regret to inform you that you have been a victim of identity theft. Your identity and consumer credit file have been compromised and used in an identity theft scheme recently uncovered in Ireland by federal authorities. Your more personal details have been undisclosed in this email for your own security as your email might have been compromised as well. The offenders have since been prosecuted, tried and ordered to pay restitution to victims involved willingly through wire fraud and romance or other scams, or unwillingly through identity theft and hacking. This means victims that had direct contact with the offenders by telephone or email in response to some type of scam and those who are hacked and are unaware of the incident prior to this notification. You have received this notification because this applies to you directly regardless of if you have lived in Ireland or not, that’s where the case was opened and that’s where the hackers were charged. For more detailed information about this case and the settlement pay outs that you are entitled to, immediately contact the Office of International Affairs at the Limerick City District Court by replying to this notification, or by visiting in person at 38 Roxboro Road, Limerick, Ireland between 9:00 a.m. and 4:00 p.m., Monday through Friday, excluding Court holidays. If you are visiting in person, set up an appointment prior to your visit by telephone: +353 800 814 250 (toll-free) or by email. If you are unable to make a trip, you will be rendered proper assistance online and on the telephone. Regards, Ilia Price Administrative Clerk

The send address was Ilia Price The reply address was

Are you able to confirm that is is a scam

Kind Regards Richard Stafford

[ Law & Ethics ] Open Question : Get in trouble for offensive/hateful reply email?

so a friend of mine got an email from a rep of his new credit card company saying that he could use his new card before it got to him through their app (new card was supposed fo arrive by mail in 2 weeks). he was in a bad mood and replied that the rep should f*k off and stop pressuring him, and that he would use their sh*tty card whenever he feels like it. and that the rep should kill himself. following his reply he got an email from the company saying that they closed his account due to breaking terms of fairuse policy. he then apologized and they said they appreciate the apology but will not reopen his account. he is worried. can he get in trouble for the things he said?

vsftpd Error: Server returned unroutable private IP address in PASV reply

I have followed this tutorial to set up my FTP server, using vsftpd.

When I am testing the FTP serve using I get the following error:

Error: Server returned unroutable private IP address in PASV reply

  • Make sure the server is configured to allow passive mode connections.
  • If the server is behind a NAT router, make sure the server knows its external IP address.
  • The range of ports used for passive mode must be opened in all involved firewalls.
  • The range of ports used for passive mode must be forwarded by all involved NAT routers.
  • Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router.

“Email me at” or “reply to this email”?

The situation:

I’m emailing new customers with some general info they need to set up their account. Usually, this information is more than enough. But, there’s a possibility that they might have some questions left. So, I want to be polite and at the end of the letter, I suggest they email me if they have any questions.

The question:

Is it ok to say, the following:

For any questions, please consult our Help Desk – or email me at email@example.

Considering, that the email I give in the sentence above is the same I send my letter from.

Or is it better to say:

For any questions, please consult our Help Desk – or reply to this email.

How to reply user according to different result?

i am working on a chat-bot for answering questions related me, like what are my 10th,diploma,BE scores? Hobbies? Work Experience? and other things. i am working on dialog-flow. So what i am trying to do is?

User says Hi Bot says Greetings,how can i assist you? User says How much you scored in 10th? Bot says 93% User says In diploma? Bot says 9.4 C.G.P.A. User says What are your hobbies? Bot says Reading,writing are my hobbies. now if user asks things without context then what should i do,like User says Can i know your score? Bot says Which one? 10th? Diploma? BE? User says 10th Bot says 93% User says Diploma Bot says 9.4 C.G.P.A.

please assist me with this πŸ™‚

i have tried the S.S.C. one but it is not working if i immediate ask about the diploma scores after it.

failed with 2Captcha: timeout, waiting for captcha result. last reply: CAPCHA_NOT_READY

Hi there, I need to show this error to the GSA Community –>
I am using 2Captcha and I have added 2capcha API in GSA SER. But I do not know why am I getting this error?
Can someone help me to understand the issue I am facing with this 2Captha?

Below, I am going to copy paste that full error in the text:

SerEngines: failed with 2Captcha: timeout, waiting for captcha result. last reply: CAPCHA_NOT_READY –

Should i be using any other captcha bracker? or this is a temprarly issue which will be auto solved by 2capctha (Just guessing). Looking forward to hear back from the comunity.