Dear Amazon shareholders – [or the plan of how to block all Amazon IP addresses].

Bananas in the Falklands has a job of dealing with the bad hosts on the internet; some examples are 54.183.102.9, 54.183.88.245, 54.184.56.157, and 54.183.102.9, which are part of the computing side of amazon.com. Oh, I have many more, but I don't want to bore you with 32-bit addresses.

The numbers mentioned cannot do SSL, or intentionally try to break it. Here in the zoo, failtoban (my blog) spots them and blocks them, and that's how I know these are shit hosts, or scammy clients of Amazon. It got to the point, dear Amazon shareholder, that I have certain netblocks of Amazon server-assigned IPs etched into my brain.

So OK, you're thinking Amazon will deal with it. Well, they won't unless I give them a protocol analyser output of the specific date and time, which is not going to happen on our production web servers here in the zoo. So they keep coming and failtoban does its job.

So is this a problem? Well, having replaced mod ssl (my blog) with something better, ecs clients still keep doing the same thing, and I know the SSL certificate works and gets an A- for config (my blog). It's not us. That means ecs has a rather shit reputation here. I cannot comment about anybody else.

This means I am thinking of blocking your ecs service with those numbers I keep seeing, and I can't personally buy Amazon-sourced products and services. I am happy to retard your stock returns and make the clients of Amazon wonder why the shit software in use fails to connect or work.

To block Amazon I used the command:

ip route add prohibit 54.192.0.0/12

That seems to cover some of Amazon's IP space, as on boot Amazon IPs like ec2-54-191-158-13.us-west-2.compute.amazonaws.com [54.191.158.13] can connect, and afterwards I see no more log entries. Might be some collateral damage, but my first attempt seems to have dev-nulled most of the problem. I did think about block-listing individual hosts (/32) or smaller subnets (/24, 256 hosts), but the individual hosts would change too often and the /24 subnets would mean lots of entries. Hence the big mallet, or /12.

I am glad we had a chance to communicate, and if you feel wronged please send email from Amazon's IP space for a discussion. But be patient for a reply.

Other ranges include 23.20.0.0/14, 54.192.0.0/12, 54.72.0.0/13, 54.80.0.0/12, 54.240.0.0/12, 54.64.0.0/13, 54.176.0.0/12, 184.72.0.0/15 and 54.160.0.0/12.

We are getting there, but the more you piss us off with your talk-to-the-hand attitude, the easier I find it to make your IPs not route. If I was an ec2/aws client I would not be happy.
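A pre-deployment check for a route-based block list like the one above, added here as an example and not the blog author's own tooling: it tests which listed range (if any) covers each host named in the post, merges adjacent ranges, and counts how many addresses stop routing. The function names are illustrative; the hosts and ranges are copied from the post, and the `ip route` lines are only rendered as text, never executed.

```python
import ipaddress

# Hosts and ranges exactly as they appear in the post.
HOSTS = ["54.183.102.9", "54.183.88.245", "54.184.56.157", "54.191.158.13"]
RANGES = ["23.20.0.0/14", "54.192.0.0/12", "54.72.0.0/13", "54.80.0.0/12",
          "54.240.0.0/12", "54.64.0.0/13", "54.176.0.0/12", "184.72.0.0/15",
          "54.160.0.0/12"]


def parse_ranges(ranges):
    """Parse CIDRs strictly: a prefix with host bits set raises ValueError."""
    return [ipaddress.ip_network(r, strict=True) for r in ranges]


def covering_range(host, ranges):
    """Return the first listed range containing host, or None if uncovered."""
    addr = ipaddress.ip_address(host)
    for net in parse_ranges(ranges):
        if addr in net:
            return str(net)
    return None


def collapsed(ranges):
    """Merge duplicates and adjacent blocks into the fewest equal prefixes."""
    return [str(n) for n in ipaddress.collapse_addresses(parse_ranges(ranges))]


def blocked_addresses(ranges):
    """Count addresses that stop routing: the collateral-damage figure."""
    return sum(ipaddress.ip_network(n).num_addresses for n in collapsed(ranges))


def route_commands(ranges):
    """Render (not execute) one prohibit route per collapsed prefix."""
    return [f"ip route add prohibit {n}" for n in collapsed(ranges)]


if __name__ == "__main__":
    for h in HOSTS:
        print(f"{h:16} single /12: {covering_range(h, ['54.192.0.0/12'])}  "
              f"full list: {covering_range(h, RANGES)}")
    print(f"{blocked_addresses(RANGES):,} addresses blocked by:")
    print("\n".join(route_commands(RANGES)))
```

With the values on the page, all four named hosts sit in 54.176.0.0/12 rather than 54.192.0.0/12, and the nine listed ranges collapse to six prefixes covering 6,684,672 addresses.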

2 responses

  1. Pingback: The countries who send bad traffic and why the monkey with a mallet does wonders | Bananas in the Falklands

  2. Pingback: Its a scam – free international television, but linode, and amazon happily host it. | Bananas in the Falklands
