Score:0

How to block sites such as checkip.amazonaws.com


I'd like to find a way to block websites like https://checkip.amazonaws.com or at least restrict them to the point they can no longer output my server's public IP address.

For example, if I do `curl https://checkip.amazonaws.com` my output would simply be 1.1.1.1 (or in other words, my IP address).

Is there a way to have an app that would inspect the output of each website my server tries to connect to and if the output contains a specific string, it automatically blocks it?

I know a way to block them one by one, but is it possible to block all similar websites based on their output?

But why?!

The reason is simple. There are people hosting game servers on a dedicated server. However, with extensions to those servers, people can easily find the public IP of the machine they are on. The public IP is hidden via reverse proxy for network protection. If a user finds the real IP of a machine, they can use it to perform an attack or do other malicious activities.

Thanks!

Block all HTTPS traffic by sniffing the traffic and drop all connections that show your IPv4 and IPv6 addresses. You might be able to block both port 80 and 443, but nothing prevents someone running an HTTP service or something else on some other port.

If your goal is to stop people from connecting directly to the server's IP, block all inbound connections except from your load balancer?
Score:5

Don't bother, you are fighting against windmills. This is just one of an endless list of services that show your IP address, you will never be able to block them all.

And even if you could, the user could just run his own anywhere he wants.

Restricting outgoing IP connections would be more useful, if that doesn't disrupt your services.
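
The outgoing-connection restriction suggested in the answer above, combined with the comment about accepting inbound traffic only from the load balancer, as an added example that is not part of the original post. It is an nftables ruleset in which the proxy address, management network, game port and the `gameserver` account name are all placeholders assumed for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: every address, port and account name below is a placeholder.

define PROXY_IP  = 203.0.113.10      # reverse proxy / load balancer (placeholder)
define ADMIN_NET = 198.51.100.0/24   # management network allowed to SSH (placeholder)
define GAME_PORT = 27015             # game server port (placeholder)

table inet gameserver_lockdown {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Keep ICMP/ICMPv6 working (path MTU discovery, IPv6 neighbour discovery).
        meta l4proto { icmp, ipv6-icmp } accept

        # Game traffic is accepted only when it arrives via the reverse proxy,
        # so knowing the real IP does not give direct access to the game port.
        ip saddr $PROXY_IP udp dport $GAME_PORT accept
        ip saddr $PROXY_IP tcp dport $GAME_PORT accept

        # SSH from the management network only.
        ip saddr $ADMIN_NET tcp dport 22 accept
    }

    chain output {
        type filter hook output priority 0; policy accept;

        oif "lo" accept

        # Replies on connections that were accepted inbound.
        ct state established,related accept

        # Any NEW outbound connection opened by the game server account
        # (and therefore by any extension it loads) is logged and rejected,
        # whatever the destination host, address or port.
        meta skuid "gameserver" ct state new log prefix "gs-egress-denied: " reject
    }
}
```

If the game server legitimately needs to reach a specific destination, add an `accept` rule for that address and port above the final `reject` rule; the log prefix shows which outbound attempts were denied.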

Score:0

The easiest thing to do is put an entry in your local machine's /etc/hosts for checkip.amazonaws.com and point it at whatever IP you wish. Point it to the machine's IP or simply to 127.0.0.1. Or set up a machine on your network that collects those requests and point checkip.amazonaws.com to that machine's IP and find out when people try to do this. There are other sites that will give you the public IP your traffic comes from, however, so this one may not be the only one they're using.

However, if you know the miscreants mostly use this one, an entry in the system's /etc/hosts file will put a stop to it, pronto! Child's play!

You don't even need a DNS entry for such a check; you can just connect to the IP address of the service. This is useless.

Most people don't know IPs for services. That's why we have DNS. Plus, unless it has been purposefully reconfigured, most systems consult hosts files before network name services like DNS, NIS, NIS+, or LDAP, so this solution will effectively put a stop to someone using the checkip.amazonaws.com service, by name. Put the entry in the hosts file and point it at the localhost or some other system on your internal network to track when and from which system those calls are being made.

You are missing the point. If I wanted to get the IP address of said server I could just look up the IP address of the service somewhere else and run `curl -H "Host:checkip.amazonaws.com" http://52.6.167.215`. No DNS lookup necessary on the server. Your hosts entry wasn't even used.

Yes, I already know how to block this specific host. I'm asking for a solution that would check the output of each website the server tries to connect to, inspect if there's a specific string there and, if there is, block the connection (like a middle proxy).
