Hello, welcome to the Wednesday, March 1st, 2017 edition of the San Sanct Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today we got two Amazon cloud-related items to start out with.

First, a guest diary by Remke Verhoeff.

Now, what he did was he set up a little web server within

Amazon's cloud and then just restarted it every 10 minutes for four months at the time. During

that time, he was able to intercept a large number of requests that were not destined to any domains

that he ran on that web server.

Apparently what was happening there was that Amazon is reusing IPV4 addresses rather quickly

within its cloud.

That's a common problem in that many cloud providers do have a shortage

of IPV4 addresses and then requests of course that were destined for a prior user of that

IP address are still being received. Many of the requests that he received came via Amazon's

Cloudfront service, which is a proxy service that Amazon offers to its customers.

Also, some of these requests really didn't make sense.

For example, he had requests from a Vietnamese ISP that went via multiple proxy hops, some of them the UK Department of Defense,

and ended then up in his little honeypot via Amazon Cloudfront.

So some of those details are still work in progress, but Remko did notify Amazon and Amazon

did implement what they are calling a cool down procedure

of 4 IPV4 addresses, so essentially to avoid reusing IPV4 addresses too quickly. But in other Amazon

cloud news, Amazon also had a pretty significant outage in its S3.

That's the simple storage service.

...