Author: Luki

Categories
Web

Freshping.io Service Undergoing Renovation

Freshping.io from my fantasy created with DALL-E
Freshping.io from my fantasy created with DALL-E

Freshping offered an excellent free service for monitoring websites with a 1-minute interval. In comparison, Statuscake’s free plan is limited to a check every 5 minutes. In November 2023, a notice was published stating that all support for free plans would be discontinued for new development. I’m curious about what’s to come, and I hope the service will either remain the same or improve. Of course, the free plan is suitable for personal websites like this one, but in my opinion, it’s not suitable for professional websites. For those, a paid plan is usually the preferred choice.

Continue reading “Freshping.io Service Undergoing Renovation”
Categories
Azure News

Azure Incident on January 21, 2024

A Global Azure Resource Manager Outage as Imagined by DALL-E
A Global Azure Resource Manager Outage as Imagined by DALL-E

Azure was reporting an issue on their status page. I have found it to be impacting services.

https://azure.status.microsoft/en-us/status

The case was resolved. In 14 days (February 5th, 2024), we can expect a final report. The final report was posted.

Continue reading “Azure Incident on January 21, 2024”
Categories
News Security

NoName057(16) DDoS January 2024

NoName057(16) DDoS Attack as Imagined by DALL-E

Before the World Economic Forum in January 2024 in Davos Switzerland, Chinese Premier Li Qiang arrived in Switzerland on Sunday and was officially received with military honors. On the same day, Ukrainian President Volodymyr Zelensky visited the Swiss Parliament Building in Bern. The World Economic Forum began in Davos on Monday. By Wednesday January 17th 2024, the first public reports appeared regarding DDoS attacks against websites in Switzerland, attributing them to the group NoName057(16).

Continue reading “NoName057(16) DDoS January 2024”
Categories
Azure

App Service: Unable to contact IP driver

Kudu Unable to contact IP driver. General failure.

I had to debug an Azure App Service and was running a ping command on the Kudu PowerShell Console. When running a ping command, it returns ‘Unable to contact IP driver. General failure.’, which could lead you to believe there is a problem in the app service networking in general. However, this is not the case. 


Kudu Remote Execution Console
Type 'exit' then hit 'enter' to get a new powershell process.
Type 'cls' to clear the console

PS C:\home> ping google.com
ping google.com
Unable to contact IP driver. General failure.

ICMP ping is simply not supported, and TCP ping should be used instead.

Continue reading “App Service: Unable to contact IP driver”
Categories
News Security

Stay on top of Cyber Security Alerts

It’s important to stay on top of new discoveries and vulnerabilities, following up on products. Knowing is the first step, evaluation and taking action is the second step.

Cyber Security Alerts

Vendors

Another crucial step is to sign up for security advisories with all your key vendors to significantly reduce the response time to newly released security advisories from the supplier.

For example like:

  • Atlassian
    • If you are using Atlassian products, especially Data Center or perhaps an outdated server version, I recommend signing up for the Atlassian Security Advisory mailing list. They have recently started sending monthly updates and sometimes even more with crucial information regarding patching and vulnerabilities. In my opinion, it is an absolute must to follow. (2024-01-18)

Categories
Azure

AzureDiagnostics have been trimmed

I encountered the following issue with a recently deployed Azure AKS Cluster connected to a Log Analytics Workspace in Azure.

I encountered this error in my Log Analytics Workspace.

The following fields' values log of type AzureDiagnostics have been trimmed to the max allowed size, 32766 bytes. 
Please adjust your input accordingly. (1)

I found that this is a known problem on AKS and has already been added as a bug in the following ticket. Entire CRD in kube-audit-admin logs #3316

Categories
News Security

Terrapin Attack, SSH protocol vulnerability

I had to evaluate the risk of a potential Terrapin attack.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

The Terrapin attack can target connections secured with ChaCha20-Poly1305 or CBC-mode ciphers with Encrypt-then-MAC. There is a theoretical vulnerability in CTR-mode ciphers combined with Encrypt-then-MAC, but it is not currently exploitable in real-world scenarios.

The attack requires an active Man-in-the-Middle.

OpenSSH and other vendors have implemented a strict key exchange countermeasure, but for it to be effective, both client and server must support it. Connecting a vulnerable client to a patched server, or vice versa, still results in a vulnerable connection.

Continue reading “Terrapin Attack, SSH protocol vulnerability”
Categories
News

This Week: Inspiration and Knowledge at 37C3

Every year (when its possible) the Chaos Communication Congress is part of my last week of the year. I never had the chance to attend in person but some presentation are truly great. This year the 37 edition under the name 37C3 with the claim “unlocked” will take place over the course of 4 days.

ℹ This post will be updated multiple times over the next few days.

Continue reading “This Week: Inspiration and Knowledge at 37C3”
Categories
News Web

What is google-proxy-00-000-00-00.google.com?

Recently, I noticed a significant increase in requests from the hostnames like this google-proxy-00-000-00-000.google.com in my log files. Upon investigation, I discovered that this hostname is commonly used for previews in Google Search. However, this explanation did not seem to apply to my situation. Additionally, the source of this information is 10 years old. The received requests from those proxy domains also contained a regular browser user agent string and not an official Google user agent to identify a specific product or service. Further research revealed that Google Chrome is experimenting with hiding the IP address through IP Protection.

I am concerned about this development because routing traffic through Google’s servers may complicate efforts to block DDoS attacks or identify fraudulent activity.

In response to these concerns, Google is considering measures such as requiring authentication with the proxy for users of this feature, preventing the linking of web requests to specific accounts by proxies, and implementing rate-limiting to safeguard against DDoS attacks.

Please share additional insights in the comments. The comment submission form will automatically disappear after some time.

Categories
Web

radar.cloudflare.com – Verified Bots

The Verified Bots service offered by radar.cloudflare.com is a feature that allows website owners to have a good starting point for determining whether a bot might be legitimate.

Continue reading “radar.cloudflare.com – Verified Bots”