Re: [LINK] Google-Cloud IP addressing
Thanks everyone for this very interesting discussion. On 2020-10-14 10:08, Hamish Moffatt wrote: > Besides, there is a privacy advantage to IP address sharing anyway. With an > encrypted connection (HTTPS), when you connect to 23.236.62.147, your ISP > (and your government) doesn't know which of the 6,281,493 domains you are > looking at. Are you looking for a recipe for sourdough or for a bomb? Now there's a thought! There's a good article about attacks on web servers mounted by altering the HTTP "Host:" header at https://portswigger.net/web-security/host-header Such attacks seem to rely on server code which trusts the content of the Host: header in incoming packets, and HTTPS isn't any protection if a client is compromised. A quick google for problems associated with firewall NAT (masquerading) didn't turn up anything, despite the vast number of systems potentially on one IP address. A different problem would presumably arise if a system on a virtual-host requires asynchronous access to a client, but I guess it could be solved with proper use of certificates. David Lochrin ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] Google-Cloud IP addressing
On 13/10/20 10:37 pm, David Lochrin wrote: I searched for 23.236.62.147 on https://dnslytics.com/reverse-ip as you suggested, and that site reported "Found 6,281,493 domains hosted on IP address 23.236.62.147". Over six million IP domains hanging on one address!! I can't imagine the designers of HTTP 1.1 had that in mind 23 years ago when the RFC was published, and there must surely be some compromises. What on earth has happened to IP6? To be honest, virtual hosting is so well developed that I don't see it going away even with IPv6. If you were to allocate each of those sites their own addresses then you need extra configuration of the network stack and changes to the DNS config and I don't think there is a lot of value. Besides, there is a privacy advantage to IP address sharing anyway. With an encrypted connection (HTTPS), when you connect to 23.236.62.147, your ISP (and your government) doesn't know which of the 6,281,493 domains you are looking at. Are you looking for a recipe for sourdough or for a bomb? For full privacy, you need DNS over TLS or DNS over HTTPS (DoT/DoH) to hide your DNS requests from your ISP (and your government), and you need encrypted SNI. The former is out there and now built-in to Firefox, the latter is coming too. Hamish ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] Google-Cloud IP addressing
Update correction:Seems this wasn't an IP sharing issue. At least I don't think so. There was a different problem beyond my understanding.Just wanted to clear that up. Jan - Original Message - From: jw...@internode.on.net To:"Link" Cc: Sent:Tue, 13 Oct 2020 17:32:18 +1100 Subject:Re: [LINK] Google-Cloud IP addressing Interesting.Here's another example. A group I'm in was starting to be blocked by Malwarebytes. We couldn't figure it out. Then someone tracked it down that the host was using the IP number for two different orgs and Malwarebytes didn't like it one bit. (pun not intended - heh) One of the site people for us contacted Malwarebytes to explain the situation so they added our urls to their complete whitelist instead of individuals needing to do it themselves as a trusted source.At least I think that's what happened I tried to find the discussion again and struck out. Jan - Original Message - From: "David Lochrin" To:"Link" Cc: Sent:Tue, 13 Oct 2020 13:59:42 +1100 Subject:[LINK] Google-Cloud IP addressing I've been doing a little amateur covid-19 epidemiology for a few months now. While tracking down some reliable statistics on the number of active caes recently, I came across two otherwise unrelated websites with the same IP address: 23.236.62.147, namely and . ( ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] GP online exam tech fail
On 12/10/20 8:48 am, jw...@internode.on.net wrote: ... For over 1000 people!!How in the world was that ever going to work? ... There are specialized online proctoring products, such as ProctorU and Proctorio. These run an application in the user's computer which limits what they have access to and switches on the web camera on. They look for things like another person appearing in view and then alert human proctors to check. I have tried on of these products: fist you hold your ID card up for the camera to see, then pan it around the room to show no one else was there. The test is then administered. This is a bit slow and clunky but generally works and has been used by online universities for years. https://blog.highereducationwhisperer.com/2020/05/make-online-exams-more-like-real-world.html However, a high stakes, end of course examination is not a good way to test real world skills. An electronic version of an exam is like trying to improve a steam locomotive by putting wings on it. I have never set, or sat, a real test with one of these proctoring products. In 2008 I decided to give up giving face to face lectures, and around the same time decided not to set exams, paper based or online. As a student myself, I don't enroll in courses which have high stakes examinations at the end. I don't mind a thirty minute quiz for a few percent of the final mark, or have to give a presentation and answer questions on it, but something which takes hours, for the majority of the grade is not acceptable. Unfortunately most university academics are not trained in how to design, administer, or mark alternative forms of assessment. So they waste a lot of time doing it badly and so tend to revert to using exams, as that is all they know. With some training in assessment, it is possible to produce better alternatives to exams. ANU is hosting two forums on the university of the future: * The Virtual University: Study, Community and Connections in an Age of Remote Learning", 6pm AEST Thursday 15 October 2020: http://www.eventbrite.com.au/e/the-virtual-university-study-and-community-in-the-age-of-remote-learning-tickets-124363329065 * This changes everything?! Australia and the post-pandemic world, 9am to 5pm AEST, 22 October 2020. https://ausi.anu.edu.au/events/changes-everything-australia-and-post-pandemic-world -- Tom Worthington FACS CP, TomW Communications Pty Ltd. t: 0419496150 PO Box 13, Belconnen ACT 2617, Australia http://www.tomw.net.au Liability limited by a scheme approved under Professional Standards Legislation Adjunct Senior Lecturer, Research School of Computer Science, Australian National University http://cs.anu.edu.au/courses/COMP7310/ ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] Google-Cloud IP addressing
On Tue, 2020-10-13 at 22:37 +1100, David Lochrin wrote: > I searched for 23.236.62.147 on https://dnslytics.com/reverse-ip as > you suggested, and that site reported "Found 6,281,493 domains hosted > on IP address 23.236.62.147". Over six million IP domains hanging on > one address!! That address is Google's user content. It's probably not really one address - it's more probably anycast and you end up on any one of thousands of different actual servers when you go there. But I don't really know. 147.62.236.23.bc.googleusercontent.com. > What on earth has happened to IP6? I use it every day. You may well be using it too. The place that hosts my websites supports IPv6. It "just works", mostly. Most modern operating systems will use it if it's there, and will prefer it over IPv4 if both are available. Type "What's my IP" into Google - if you are using IPv6 it'll show an IPv6 address. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer GPG fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170 Old fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] Google-Cloud IP addressing
On 2020-10-13 14:27, Hamish Moffatt wrote: > This is name-based virtual hosting, and has been part of HTTP since 1.1 and > HTTPS since more recently. It is necessary because there's nowhere near > enough IPv4 address space for every web site in existence (in addition to all > the client devices). It is not a DNS hack. [...] Thanks for that explanation Hamish, I've never known much more than the basics of HTML. I searched for 23.236.62.147 on https://dnslytics.com/reverse-ip as you suggested, and that site reported "Found 6,281,493 domains hosted on IP address 23.236.62.147". Over six million IP domains hanging on one address!! I can't imagine the designers of HTTP 1.1 had that in mind 23 years ago when the RFC was published, and there must surely be some compromises. What on earth has happened to IP6? David Lochrin ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] Google-Cloud IP addressing
On Tue, 2020-10-13 at 17:32 +1100, jw...@internode.on.net wrote: > Interesting.Here's another example. A group I'm in was starting to > be blocked by Malwarebytes. We couldn't figure it out. Then someone > tracked it down that the host was using the IP number for two > different orgs and Malwarebytes didn't like it one bit. That doesn't entirely make sense. Half the western world runs on shared hosting for web and email. It's extremely common for multiple domains to resolve to the same IP address. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer GPG fingerprint: 2561 E9EC D868 E73C 8AF1 49CF EE50 4B1D CCA1 5170 Old fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
Re: [LINK] Google-Cloud IP addressing
Interesting.Here's another example. A group I'm in was starting to be blocked by Malwarebytes. We couldn't figure it out. Then someone tracked it down that the host was using the IP number for two different orgs and Malwarebytes didn't like it one bit. (pun not intended - heh) One of the site people for us contacted Malwarebytes to explain the situation so they added our urls to their complete whitelist instead of individuals needing to do it themselves as a trusted source.At least I think that's what happened I tried to find the discussion again and struck out. Jan - Original Message - From: "David Lochrin" To:"Link" Cc: Sent:Tue, 13 Oct 2020 13:59:42 +1100 Subject:[LINK] Google-Cloud IP addressing I've been doing a little amateur covid-19 epidemiology for a few months now. While tracking down some reliable statistics on the number of active caes recently, I came across two otherwise unrelated websites with the same IP address: 23.236.62.147, namely and . ( ___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
