Error with "Anomaly detections based on Autonomous Systems information"

Networking Web Proxy
1

Hi.

I come on vacation and I encounter this problem:

With his activated:

imagen
imagen919×75 2.49 KB

The following occurs:

imagen
imagen1042×461 13.9 KB

If I uncheck the corresponding boxes for “Anomaly detections based on Autonomous Systems information”, everything starts to work correctly.

The affected pages (as far as I am aware), are:

https://blog.ipfire.org/
https://community.ipfire.org/
https://www.caixabank.es/

Can anyone else confirm?

Regards.

2

I just restarted the IPFire and now I can’t navigate to any page with the options checked.

More specifically, it is by having the “Deny access to destinations hosted on selectively announced networks” box checked.

Any solution?.

Greetings.

3

@roberto What happens if you clear the cache?

4

Hello @cfusco .

I have tried both to clear the proxy cache of the IPFire and the local computer (W11) but it does not solve anything.

Greetings.

5

I find this very suspicious. If you read the blog post concerning fast flux, it is based on an excessive diversity of ip address over several ASNs, returned by a dns query. Clearly the ipfire project FQDNs is not falling in this category. Why your system believes the opposite?

EDIT: Can it be that the feed of your provider somehow is not receiving AS24679 which is BGP routing the IPs of the IPFire project?

6

Hi,

thank you for reporting this. Unfortunately, I cannot reproduce it here.

What is the output of

location version

on the affected IPFire machine?

Thanks, and best regards,
Peter Müller

1 Like
7

Hi @pmueller

[root@bs ~]# location version
Fri, 01 Jul 2022 06:00:18 GMT
[root@bs ~]#

Thanks.

8

Hi @cfusco and @pmueller.

I have updated using “location update” and now I have day 05 and everything works correctly now.

If it’s just this, I’ll take it for granted.

Greetings and many thanks to both of you.

9

Hi,

hm, I am not satisfied with that, but glad to hear that things are solved for your for the time being. Will investigate on libloc’s backend side to see what happened on July 1st…

Thanks, and best regards,
Peter Müller

1 Like
10

today i got errors if I want to reach google.de, google.com, bing.com, amazon.de
in combination with “fast flux”.

After I disabled it everything works.

Anybody else? Any hint for a secure solution?

The problem exists only when
“Deny access to destinations hosted on selectively announced networks:” is checked.

Update:
I have also checked - “location version” and got
Fri, 01 Jul 2022 06:00:18 GMT

Update2:
after “location update”
→ Downloaded new database from Wed, 06 Jul 2022 06:08:28 GMT

and everything works

11

Just checked it and I have no trouble with this sites. But my version is Wed, 06 Jul 2022 06:08:28 GMT.