Categories
Azure

App Service: Unable to contact IP driver

I had to debug an Azure App Service and was running a ping command on the Kudu PowerShell Console. When running a ping command, it returns ‘Unable to contact IP driver. General failure.’, which could lead you to believe there is a problem in the app service networking in general. However, this is not the case.


Kudu Remote Execution Console
Type 'exit' then hit 'enter' to get a new powershell process.
Type 'cls' to clear the console

PS C:\home> ping google.com
ping google.com
Unable to contact IP driver. General failure. 

ICMP ping is simply not supported, and TCP ping should be used instead.

Categories
News Security

Stay on top of Cyber Security Alerts

It’s important to stay on top of new discoveries and vulnerabilities and to follow up on products. Knowing is the first step; evaluating and taking action is the second.

Cyber Security Alerts

Vendors

Another crucial step is to sign up for security advisories with all your key vendors to significantly reduce the response time to newly released security advisories from the supplier.

For example:

  • Atlassian
    • If you are using Atlassian products, especially Data Center or perhaps an outdated server version, I recommend signing up for the Atlassian Security Advisory mailing list. They have recently started sending monthly updates and sometimes even more with crucial information regarding patching and vulnerabilities. In my opinion, it is an absolute must to follow. (2024-01-18)

Categories
Azure

AzureDiagnostics have been trimmed

I encountered the following issue with a recently deployed Azure AKS Cluster connected to a Log Analytics Workspace in Azure.

I encountered this error in my Log Analytics Workspace.

The following fields' values log of type AzureDiagnostics have been trimmed to the max allowed size, 32766 bytes. 
Please adjust your input accordingly. (1)

I found that this is a known problem on AKS and has already been added as a bug in the following ticket: Entire CRD in kube-audit-admin logs #3316

Categories
News Security

Terrapin Attack, SSH protocol vulnerability

I had to evaluate the risk of a potential Terrapin attack.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

The Terrapin attack can target connections secured with ChaCha20-Poly1305 or CBC-mode ciphers with Encrypt-then-MAC. There is a theoretical vulnerability in CTR-mode ciphers combined with Encrypt-then-MAC, but it is not currently exploitable in real-world scenarios.

The attack requires an active Man-in-the-Middle.

OpenSSH and other vendors have implemented a strict key exchange countermeasure, but for it to be effective, both client and server must support it. Connecting a vulnerable client to a patched server, or vice versa, still results in a vulnerable connection.
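
The conditions above can be checked mechanically from the algorithm lists each side sends in its key exchange init message. The following is an added example, not code from the original post: the peer definitions are constructed samples, the function names are hypothetical, and reporting every combination the post does not list as "not-affected" is this example's assumption.

```python
# Added example (not from the original post). Algorithm lists are constructed.
STRICT_C = "kex-strict-c-v00@openssh.com"  # client's strict-KEX marker
STRICT_S = "kex-strict-s-v00@openssh.com"  # server's strict-KEX marker
CHACHA = "chacha20-poly1305@openssh.com"


def negotiate(client_list, server_list):
    """SSH selects the first client-preferred name the server also offers."""
    return next((n for n in client_list if n in server_list), None)


def terrapin_exposure(client, server):
    """Classify one client/server KEXINIT pair: returns (verdict, cipher, mac)."""
    cipher = negotiate(client["ciphers"], server["ciphers"])
    mac = negotiate(client["macs"], server["macs"])
    if cipher is None:
        return ("no-common-cipher", None, None)
    aead = cipher == CHACHA or "-gcm@" in cipher
    if aead:
        mac = None  # AEAD ciphers carry their own tag; the MAC list is ignored
    elif mac is None:
        return ("no-common-mac", cipher, None)
    etm = mac is not None and mac.endswith("-etm@openssh.com")
    # The countermeasure is only active when BOTH peers announce it.
    strict = STRICT_C in client["kex"] and STRICT_S in server["kex"]
    if cipher == CHACHA or (cipher.endswith("-cbc") and etm):
        return ("mitigated" if strict else "vulnerable", cipher, mac)
    if cipher.endswith("-ctr") and etm:
        return ("mitigated" if strict else "theoretical", cipher, mac)
    return ("not-affected", cipher, mac)


# Constructed sample peers: a patched client and two servers.
PATCHED_CLIENT = {
    "kex": ["curve25519-sha256", STRICT_C],
    "ciphers": [CHACHA, "aes128-ctr", "aes128-gcm@openssh.com"],
    "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}
UNPATCHED_SERVER = {
    "kex": ["curve25519-sha256"],
    "ciphers": [CHACHA, "aes128-ctr"],
    "macs": ["hmac-sha2-256-etm@openssh.com"],
}
PATCHED_SERVER = dict(UNPATCHED_SERVER, kex=["curve25519-sha256", STRICT_S])

if __name__ == "__main__":
    for name, srv in (("unpatched", UNPATCHED_SERVER), ("patched", PATCHED_SERVER)):
        print(name, "server ->", terrapin_exposure(PATCHED_CLIENT, srv))
```

The patched client paired with the unpatched server still comes out as vulnerable, which is the mixed-deployment case the paragraph above warns about.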

Categories
News

This Week: Inspiration and Knowledge at 37C3

Every year (when it's possible) the Chaos Communication Congress is part of my last week of the year. I never had the chance to attend in person, but some presentations are truly great. This year, the 37th edition, under the name 37C3 and with the motto “unlocked”, will take place over the course of 4 days.

ℹ This post will be updated multiple times over the next few days.

Categories
News Web

What is google-proxy-00-000-00-00.google.com?

Recently, I noticed a significant increase in requests from hostnames like google-proxy-00-000-00-000.google.com in my log files. Upon investigation, I discovered that this hostname is commonly used for previews in Google Search. However, this explanation did not seem to apply to my situation. Additionally, the source of this information is 10 years old. The requests received from those proxy domains also contained a regular browser user agent string and not an official Google user agent to identify a specific product or service. Further research revealed that Google Chrome is experimenting with hiding the IP address through IP Protection.

I am concerned about this development because routing traffic through Google’s servers may complicate efforts to block DDoS attacks or identify fraudulent activity.

In response to these concerns, Google is considering measures such as requiring authentication with the proxy for users of this feature, preventing the linking of web requests to specific accounts by proxies, and implementing rate-limiting to safeguard against DDoS attacks.

Please share additional insights in the comments. The comment submission form will automatically disappear after some time.

Categories
Web

radar.cloudflare.com – Verified Bots

The Verified Bots service offered by radar.cloudflare.com gives website owners a good starting point for determining whether a bot might be legitimate.

Categories
Azure News

Azure West Europe Dsv5 Availability

I experienced issues today (2023-12-12) while deploying Azure Kubernetes Service (AKS) to Azure West Europe. It appears that the CPU type availability is exhausted in West Europe, which is a significant concern if your Azure Governance and related policies dictate that deployment must occur in this region.

{"code":"InvalidTemplateDeployment","message":"The template deployment 'aksCluster-20231212T084250Z' is not valid according to the validation procedure. The tracking id is '3abc3456-a9cd-789e-12f3-g456hij78901'. See inner errors for details.","details":[{"code":"BadRequest","message":"Provisioning of resource(s) for container service aks01-euw-dev in resource group rgr-euw-dev failed. Message: The VM size of Standard_D16s_v5 is only allowed  in zones [2] in your subscription in location 'westeurope'. . Details: "}]}

Categories
News Web

Firefox – Copy Link Without Site Tracking

The latest version of Firefox features a new context menu option on links: “Copy Link Without Site Tracking.”

As of 2023-12-11, the latest Firefox version is 120.0.1.

Categories
Security

SharePoint Developer Toolbar Warning

This warning is present on all SharePoint sites and is designed to prevent people from being tricked into copying and pasting malicious code into the developer console of their browser.