
Log for 電訊台

104.27.135.74
This IP still can't be pinged from pkkw, even now
@TinSiu @licson @googlezi happen to know why?
The route is wrong
What I can help you ?
I have asked CF Engineer,
[photo]
They said this client is just move to CF, and their own host may be being attack.
Null-routing an entire CF IP is a big deal...
So, CF is normal. But their host is being attack. And because their DNS just changed to CF, so the route is not updated as well.
CF is working normal.
BTW, what is 104.27.135.74 ?
[photo]
NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2017-02-17
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref: https://rdap.arin.net/registry/ip/104.16.0.0
I don`t understand, are you pinging a website, or a IP address ? Why you ping a CF IP >?
ip address owned by CF
So, why you ping it
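hkchronicles.com's DNS points to this IP, it can't connect at all, and I found the ping dies at PCCW
this website is being attack as said.
I want to know what's happening technically
This website is just moved to CF 24 hours
It should have three DNS A records
And their host is being attack, as I said checked with CF Engineer
An L3 flood so bad they had to cut the route?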
Very easy to flood a website / server by UDP
Send huge shit traffic over the port capacity
ikr
And they looks like is a beginner and don`t know how to handle the attack
The attacker is send traffic to their real host, not CF
They are trying to switch the attack traffic to CF
I know
So they stuck at this point.
And then CF has to null route the IP as well..?
time to up the game with paid plan of argo tunnel?
CF is working fine as said, no null route
There's no reason it would go back down to the customer level
change IP, enable argo tunnel, no way to attack unless CF leaks their IP
I just want to know why pinging a CF IP fails, because in theory many sites share the same CF IP
or gen the whole pages to html and host it using worker
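It just uses the Host header to reverse proxy
Right now the route goes up to the core and then back down to the edge
rather than going out to global
They havent change their REAL Host, so the Attacker is still send traffic to their REAL host, so CF can`t read data from the host, so BAD 502
There are many ways to leak an IP
This website is hosted by a noob
Actually that site is on a garbage server, it was expected to go down
You're saying it's not enough here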
🤔
e.g.?
And this noob said HK has GFW, this is a joke
MX record
argo tunnel connects back to CF
HKBN
[saren@saren-xps13 ~ ]% ping 104.27.135.74
PING 104.27.135.74 (104.27.135.74) 56(84) bytes of data.
64 bytes from 104.27.135.74: icmp_seq=1 ttl=58 time=41.8 ms
64 bytes from 104.27.135.74: icmp_seq=2 ttl=58 time=42.4 ms
SSL Certificate
[saren@WTAKO ~ ]% ping 104.27.135.74
PING 104.27.135.74 (104.27.135.74) 56(84) bytes of data.
From 218.102.39.229 icmp_seq=2 Destination Host Unreachable
always don't host email yourselves lol
We are here, have direct link to oversea, so not possible to block any website
another ng secure DNS history case
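Even your own website, if it's written poorly, has places that can be leveraged
MX = gmail
I...
I host it myself, it's Exchange
You're different, you sell it for money
Can you check how host their website DNS ?
I don't even know how to sell VPN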
Attacker can attack their DNS server as well to shutdown the website
??? wt do u mean by that
[photo]
In theory that would happen
normal, this applies to all CF ip
Where they host their DNS, before move to CF
Could it be like what I showed you last time again
We are using Google Anycast DNS, better than CF
there are some trail record websites to search for
the Anti-DDoS system injected a null route for someone else's subnet
130 [saren@saren-xps13 ~ ]% curl -v http://104.27.135.74/ > /dev/null
* Trying 104.27.135.74:80...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 104.27.135.74 (104.27.135.74) port 80 (#0)
> GET / HTTP/1.1
> Host: 104.27.135.74
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Fri, 08 Jan 2021 07:34:12 GMT
< Content-Type: text/plain; charset=UTF-8
< Content-Length: 16
< Connection: close
< X-Frame-Options: SAMEORIGIN
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Set-Cookie: __cfduid=dee753a677a8a32c4267fb69ce4065e841610091252; expires=Sun, 07-Feb-21 07:34:12 GMT; path=/; domain=.104.27.135.74; HttpOnly; SameSite=Lax
< cf-request-id: 078283e4480000cc2ce412e000000001
< Server: cloudflare
< CF-RAY: 60e43c1a0f70cc2c-SIN
<
{ [16 bytes data]
100 16 100 16 0 0 195 0 --:--:-- --:--:-- --:--:-- 195
if you hit me, you hit google
but google charges you
cheap
[photo]
like 0.09/GB
Last time PCCW's Anti-DDoS system injected a null route for my friend's network and even pushed it down to HKIX
And our RDNS also host at Anycast , LOL
A higher layer attacker will attack RDNS, not DNS
So PCCW's anti-DDoS blocked the outbound traffic?
cheap money, but the attacker wasted a lot.
if you trust CF then both are handled by them
CF don`t have RDNS hosting
Just server provider need RDNS
but the exposed IP is CF's
normal web site owner don`t need rdns hosting
That's a possibility
if you need to host mail server...
As said, their host is being attack, may be included DNS (Not CF one)
??? I don't understand
you host a mail server, is ask your ISP to change rDNS for you, not host a rDNS
DNS is fine for the moment
if you can resolve using their NS directly
and if they are using CF, then 1.1.1.1 would work lol
I just want to know where they host their HOST server. so I can deep check
[photo]
such important site use Google tools
Basically 1.1.1.1 is not owned by CF.
they must be idiots
anyone confirm?
APNIC?
They just operate DNS on this 1.1.1.1
not going to be visible unless you cached it before
Traffic exploded, so to save trouble it went into a null route
APNIC?
Yes, I know the handle man.
1.1.1.1 as a service, since it's what's called
And China have hijacked 1.1.1.1 some years ago
use dnscrypt
DNSSEC
Even Cisco captive portal uses 1.1.1.1 before you authenticate
that's the reverse
yes
so i actually use 1.0.0.1
about 3 years ago, APNIC start to use 1.1.1.1
Before 1.1.1.1 is just like 127.0.0.1
So many company used 1.1.1.1 for their own service
i guess a lot of people do
if you ever need to verify with google lol
And APNIC have a record saved for big data, once you used 1.1.1.1 for search website
i route through ipv6
locally i host my own dnscrypt proxy
They know everything
Cloudflare still receive garbage traffic to 1.1.1.1
1.1.1.1 + Host header can go cloudflare site
Fucking this covid-19, otherwise I join their conf. event
Not trust CF, trust APNIC
data will store at APNIC
Fatty, do you have a traceroute going out from PCCW
If so, screenshot it for me and I'll fire it over to the center on my side
?
if you properly use dnscrypt or doh, then the queries are encrypted to cf servers
This is the traceroute going out from PCCW home
As said, I know their team at APNIC for working at 1.1.1.1
From PCCW to 104.27.135.74
so if the servers are operated by apnic, that's not much to talk about
[photo]
pccw ip
Actually you can use Chinese
IP is owned by APNIC, but server is operate by CF
Both side I also have their contact.
I don`t know Chinese input
so who gets the data?
APNIC is the backend. APNIC Lab.
okay
they use
CF is front-end
GoDaddy
[photo]
hkleaks.info is the original domain
=> godaddy
looks like CF from the beginning
Bcoz front end will get your data first, so they share to APNIC Lab, who own this IP address
then what kind of data APNIC gets would trace back to you?
So the attacker found their host IP, direct attack the host, so CF CDN can`t load their Host data, so 502 BAD
All.
But they will not use to tracert you.
OK, forward-ed
"Cloudflare has agreed to provide APNIC with access to some of the anonymized data that Cloudflare collects through the Cloudflare Public DNS Resolver. Specifically, APNIC will be permitted to access query names, query types, resolver location and other metadata via a Cloudflare API, that will allow APNIC to study topics like the volume of DDoS attacks launched on the Internet and adoption of IPv6." so the "other metadata" is essentially all data?
If you want to know more, join their event
thx
Their event will host every 6 months
in Asia
APNIC or what
APNIC
every 6 months will have APNIC event
i don't have direct business with them
They all will disclose what they do
Oh....
The democratic APNIC
You will meet a lot of friends over the world.
Not just stay in HK
try type more chinese chars
by handwriting pad
for real, i've a hard time reading your eng text
I know
Bcoz I`m using short english
e.g. why "`" instead of " ' "
may be Taskmaster can explain what i'm frustrated with
BTW, I chat with oversea friend is using this short English
And all they can understand
` is backquote
not apostrophe
Traffic problem, blackholed
I'm
'
👌
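I got a 6 in IELTS writing
😋
By the way, researching HFT
High Freq Trading
Trading US stocks
Need the latency to be fast for that
You haven't been to Apricot 🤔
It even got escalated 😗
A senior guy is following up
wa............
I don't know anything, originally I just called to ask what was going on and leave it at that
Then the other side called back and said it had been escalated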
Still can't figure out the why that Smartone internal DNS returns 127.0.0.1
Guessed right
It's that buggy system again
[sticker]
CF isn't even an HK Local Transit customer
Why would that IP get picked out and blackholed
And it's supposed to be whitelisted
No idea why it got hit
By the way, does anyone know whether VPLS can do point-to-multipoint 🤔
But it's not convenient for me to dig deeper
Juniper says it can
Lately I'm planning to buy a loop that joins three sites into one LAN
OK
Let me ask the provider first 😂
Both of my main Local Loops right now are from Traxcomm
Now even HKBN is jacking up its prices
HKBN used to be under 10,000 per line, now it's 12,000
10G?
@website_502_BAD_GATEWAY are you wearing a tank top and shorts today
Always have been
[sticker]
[sticker]
[sticker]
It's you guys who can't stand this cold
麗珍
[sticker]
Any follow-up?
No word
Maybe while checking they found national security is doing something and had to keep quiet (?)
Probably not, because if it had to be taken down for that reason, the records visible in DNS would supposedly have to be taken down too
But at the moment only this one IP is affected
We should be asking you what you wore to work today, whether you wore short sleeves
How much is your Traxcomm line?
VPLS
[photo]
No VPLS yet, right now an ordinary line is 4500
Peter knows his stuff
The back of my shirt keeps getting sweaty
You're probably ill, have you thought about seeing a doctor?
Mental illness?
1G?
10G
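Better than Towngas Telecom, the latency is normal
Towngas Telecom's latency is like going a full loop around Hong Kong
DWDM or Ethernet?
It's Ethernet
DWDM has different latency
Towngas Telecom is about the same price but it's DWDM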
I c
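The latency is so bad……
The Chinese medicine doctor said I had severe damp-heat; back then I needed half a year of medicine to recover
I think you probably haven't recovered
Still chubby, looks like spleen deficiency too
How do you know I'm chubby 🤔🤔🤔
Damn, isn't that picture you?
And the flesh is all flabby
It's me, people who see it say I look like that Kumamon 🤣🤣🤣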
[photo]
[sticker]
So fucking cold
So fucking hot right now
Come find me in Tsuen Wan
I'll pour ice water on you to cool you down
[sticker]
Booked the dentist for Sunday
[sticker]
A gift for the group members
Does CCNP require doing a lab?
Well, the guy's got the skills, nothing you can do
No, it's sims
NP is two papers now anyway
[photo]
Could it be talking about me, I know both
[photo]
@ricebowl did your side get wind of this? Only finding out now
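What is this
Even fake becomes real
Depends on what level it is
Something juicy to chew on again
If it's a DNS block
Everyone knows what to do…
I think at this stage it's really DNS censorship at most
Damn. Could it be that the old telco's senior management doesn't know about this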
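"Sun-Moon" Daily
I'd say don't crash it
As for what else to do, nobody was prepared last July
If they keep blocking like this I'm afraid they'll block Google too
Then I'd suggest you get your brain checked first
I wish that were so, but Ming Pao's report says so, which makes me have to think about it
Those "Sun-Moon" people don't understand anything
And Peter says it's a hacker
I'm only on the encryption side, but to pull this off, I have to wonder whether it's really the telcos doing it
After it was reported, it became reachable again very quickly
Hong Kong, China is the freest
Stay calm and let's watch first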