zlacker

[return to "Mitigating a DDoS on Mastodon"]
1. ekimek+ye 2019-12-06 10:57:47
>>dredmo+(OP)
On the subject of the IP leaking: Note that IPv4 only has 2^32 addresses, and people can and do mass scan all of them (see shodan.io). If your service is exposing any identifiable information (i.e. if it's not completely blocking all non-Cloudflare IPs) then it's fairly easy to find even if it's "unguessable".
2. zaarn+wn 2019-12-06 12:39:47
>>ekimek+ye
Well, that would only work if the other end responds to a request to the IP address with a cert that includes the proper domain.

If you set up Cloudflare properly, then you only see a CF-based certificate, not the actual hostnames. Since you didn't send a proper hostname (unless you use PTR, which isn't reliable either) it'll use whatever default hostname it has configured (or just close the connection).

Or in a case like my setup, you'll get an empty 0-byte response if no Host: header is present. The certificate is a wildcard for the primary domain the server runs, not even related to the Mastodon service.

And of course, this post contains enough information to probably nail it down but on the other hand, mass scanning the internet is a lot of trouble.
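
Added example, not part of either comment above: a Python check an operator could run over what a direct-to-IP connection to their own origin returned, covering the three signals the thread names (non-Cloudflare sources accepted, names on the default certificate, response without a `Host:` header). The `DirectProbe` record, its field names and the sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DirectProbe:
    """Result of connecting straight to your own origin IP (hypothetical record)."""
    accepted: bool                                  # handshake completed from a non-Cloudflare source
    cert_names: list = field(default_factory=list)  # CN and SAN names on the default certificate
    body_len_no_host: int = 0                       # bytes returned when no Host: header was sent

def name_covers(pattern: str, host: str) -> bool:
    """Certificate name match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def audit(probe: DirectProbe, protected_host: str) -> list:
    """List what a direct connection reveals about protected_host."""
    if not probe.accepted:
        return []  # non-proxy sources are dropped: nothing to fingerprint
    findings = ["origin reachable without going through the proxy"]
    leaking = [n for n in probe.cert_names if name_covers(n, protected_host)]
    if leaking:
        findings.append("default certificate covers the service: " + ", ".join(leaking))
    if probe.body_len_no_host > 0:
        findings.append("request without Host: header returns content")
    return findings

# Constructed samples; example.net / example.org are placeholder domains.
PROTECTED = "social.example.net"
FIREWALLED = DirectProbe(accepted=False)
UNRELATED_WILDCARD = DirectProbe(True, ["*.example.org"], 0)
LEAKY = DirectProbe(True, ["example.net", "*.example.net"], 512)

if __name__ == "__main__":
    for label, probe in [("firewalled", FIREWALLED),
                         ("unrelated wildcard", UNRELATED_WILDCARD),
                         ("leaky", LEAKY)]:
        print(label, "->", audit(probe, PROTECTED) or "nothing identifiable")
```

The second sample mirrors a default vhost with an unrelated wildcard certificate and an empty Host-less response: nothing names the service, but the address still answers sources outside the proxy.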
