Does Locust make use of IP Spoofing? - locust

I'm running a Locust load test against my server, which has a Cloudflare limit of 250 requests per second per IP (user). And I'm hitting that limit with the following Locust config:
Users: 100
RPS is around 100
So, the question that arises here is:
Does Locust make use of IP spoofing to bypass the DNS limitations?

Does Locust make use of IP spoofing to bypass the DNS limitations?
No, it does not.
But if you actually meant to ask "Could Locust make use of IP spoofing?" the answer is yes, see https://github.com/locustio/locust/issues/376
Regarding your actual core problem (DNS limits), there should be better solutions though. Check out https://github.com/locustio/locust/issues/1614 (although the user who filed that didn't seem to get my proposed solution to work...)

Related

Do OWASP CRS modsecurity rules prevent DOS as in these 2 scenarios?

From OWASP CRS (modsecurity) related docs (which I can find in the public domain) I can infer that brute force and DOS protection have been taken care of. However, I am not able to find specific details regarding the rules that prevent DOS. Currently, my server is experiencing brute force attacks of the below kind:
Same IP, Same Resource/Page At The Same Time
aa.bb.cc.dd 2021-04-27T07:01:37
aa.bb.cc.dd 2021-04-27T07:01:37
aa.bb.cc.dd 2021-04-27T07:01:37
Different IPs With Same Reverse DNS Host, Same Resource/Page At The Same Time. The first two octets of the IPs remain the same.
aa.bb.cc.dd 2021-04-27T07:01:37
aa.bb.ee.ff 2021-04-27T07:01:37
aa.bb.gg.hh 2021-04-27T07:01:37
Can someone experienced with OWASP CRS let me know if such attacks can be prevented with the CRS?
Update:
I am using Apache 2.4. Regarding CRS, I am using version 3.3.0.
You didn't write what HTTP server you use - that's important.
I think there are more solutions for your first item. CRS has the optional DOS protection, see this section of crs.conf. This can help you in other cases too, e.g. when the resources are different.
Most HTTP servers provide other solutions too, e.g. if you use Apache, check mod_evasive (most distributions provide this as a package). I do not know about a similar solution for Nginx.
Your second issue is rather a DDOS, because the IP addresses are different.
It's a bit out of scope, but you can check fail2ban (also supported by most distros) - maybe that can help you too.
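Before choosing thresholds for the CRS DOS settings, mod_evasive or fail2ban, it helps to measure how often the two reported patterns actually occur in the access log. The following is an added example, not part of the original posts: the function names, the threshold of 3 and the sample log (documentation and benchmark address ranges) are constructed for illustration, and grouping by /16 stands in for "the first two octets of the IPs remain the same".

```python
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample in the question's "IP timestamp" format.
SAMPLE_LOG = """\
203.0.113.7 2021-04-27T07:01:37
203.0.113.7 2021-04-27T07:01:37
203.0.113.7 2021-04-27T07:01:37
198.18.4.10 2021-04-27T07:01:38
198.18.9.22 2021-04-27T07:01:38
198.18.77.5 2021-04-27T07:01:38
192.0.2.50 2021-04-27T07:01:39
"""

def parse(log_text):
    """Yield (ip, timestamp) pairs; skip blank or malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield ipaddress.IPv4Address(parts[0]), datetime.fromisoformat(parts[1])
        except ValueError:
            continue  # bad address or bad timestamp

def find_bursts(log_text, threshold=3):
    """Return (same_ip, same_prefix) findings per one-second bucket.

    same_ip:     {(ip, second): hits}       scenario 1, one address repeating
    same_prefix: {(prefix, second): [ips]}  scenario 2, distinct addresses
                                            sharing the first two octets
    """
    per_ip = defaultdict(int)
    per_prefix = defaultdict(set)
    for ip, ts in parse(log_text):
        second = ts.replace(microsecond=0).isoformat()
        per_ip[(str(ip), second)] += 1
        net = ipaddress.ip_network(f"{ip}/16", strict=False)
        per_prefix[(str(net), second)].add(str(ip))
    same_ip = {k: n for k, n in per_ip.items() if n >= threshold}
    same_prefix = {k: sorted(v) for k, v in per_prefix.items() if len(v) >= threshold}
    return same_ip, same_prefix

if __name__ == "__main__":
    same_ip, same_prefix = find_bursts(SAMPLE_LOG)
    print("same IP bursts:", same_ip)
    print("same /16 bursts:", same_prefix)
```

Scenario 1 findings map onto a per-IP limiter; scenario 2 findings show whether a per-IP counter alone would miss the traffic because each address stays under the limit.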

Locust, How to set source request ip

The virtual machine which runs Locust has multiple network cards.
Is there any way to set source request IP of Locust?
https://docs.locust.io/en/stable/configuration.html#command-line-options
It should be possible by monkey patching socket.create_connection() using the solution described here, as Locust’s HttpUser uses requests.
Requests, bind to an ip
My original answer was deleted by a mod for some unknown reason. Let's hope it doesn't happen again...

Localtunnel is not setting up the requested subdomain from the command 'lt --port 4000 --subdomain xyz'

I have been trying to set the subdomain in localtunnel, but it keeps throwing me different subdomains.
Port number is 4000 and it's running.
The command which I used :
lt --port 4000 --subdomain xyz (I changed subdomain name for the security reason).
What am I doing wrong?
I know it is a very late answer, but I am writing it to help other searchers who get to this link and are not able to find a valid answer.
The command which I used : lt --port 4000 --subdomain xyz (I changed subdomain name for the security reason).
The first thing is that the command is OK, but before localtunnel assigns you a subdomain it must be available first.
Now you may be thinking that you are using a private, very unique domain name which should have been available. Yes, you are right, but remember that localtunnel keeps a record of the subdomains provided by you and builds its private database, which contains a large enough pool for the random subdomain assigning feature.
This makes it clear that after one, two or even more (non-consecutive) attempts it is possible that your domain was assigned to someone else, so for that period you obviously cannot use that domain; however, whenever that domain is freed, you will be assigned the requested domain for sure.
I'm not familiar enough with localtunnel to tell you what's wrong there, but I can tell you how to accomplish your same goal using Telebit:
(p.s. Did you figure this out? If so, I'd love to hear how you did it and I'm sure others would too)
Install
curl https://get.telebit.io | bash
You can also install via npm... but that isn't the preferred install method at this time. There may be some caveats.
The random domain you get is attached to your account (hence the need for email) and it's encrypted end-to-end with Greenlock via Let's Encrypt.
Configure
./telebit http 4000 xyz
The general format is
./telebit <protocol> <port> [subdomain]
It's not just https, you can use it to tunnel anything over tls/ssl (plain tcp, ssh, openvpn, etc).
Custom domains are not yet a generally available feature, but they're on the horizon.

Can my ip address be taken as spammer for using Net::DNS too much?

I have to check the validity of around 1 million email addresses. I don't care if the email is "deliverable", I just want to check if the structure is right and the domain exists. To accomplish this I'm using the Email::Valid module with the option -mxcheck, which uses the Net::DNS module as well, but I'm afraid of being taken as a spammer for using it too much (as happens with the nslookup utility). So, can this happen with the Net::DNS module?
Hope you can help me.
Regards
Net::DNS does the same thing as nslookup and other tools, it sends a DNS query to a DNS server and processes the reply. I don't know which DNS server you used with nslookup but with both nslookup and Net::DNS you can specify the DNS server to use and maybe you'll find some DNS server which does not consider your activity as spamming. As an example you might try the DNS server provided by google: 8.8.8.8.
Alternatively you can set up your own recursive DNS server on the local machine and let this server resolve all the queries and cache the results. When set up without a forwarder, the server will not use your ISP's DNS server to resolve all queries but will instead ask the DNS servers responsible for the specific domains.
In case you did not understand any of these recommendations I would suggest to have a look at how DNS works.

Get Azure public IP address from deployed app

I'm implementing the PASV mode in an FTP server, and I send to the client the IP address and port of the data end point. This is stupid because the IP is actually where the client is already connecting, so there are two options:
How could I get the public IP address from a given instance? Not the VIP, but the public one.
How could I get the original target IP address that the user used from a Socket object? Considering routers and load balancers in the middle :P
An answer to any of these questions would do, although there is another way that could work... may I get the public IP address by doing a DNS lookup of myapp.cloudapp.net?
A fourth option would be use the Azure Management API library... but, too much trouble :P.
Cheers.
Not sure if you ever figured this out, but here's my take on it. The individual role instances are all behind the Windows Azure load balancer and have no idea what the original, outward-facing IP address is. Also, there's no Management API call that returns IP address - Get Deployment returns the URL but not the IP address. I think the only option is going to be a dns lookup.
Having said that: I don't think you can host a passive ftp server in your role instance (at least not elegantly). You may open up to 25 input endpoints on your role (up from 5 - see my recent blog post about this update), but there's manual work involved in the configuration. I don't know if your ftp application lets you limit your port range to such a small number of ports. Also:
You'd have to define each port as its own input endpoint (this is the manual labor part I mentioned) - input endpoints don't allow a port range to be specified, unlike the internal endpoints.
You'd have to specify the port number that's used internally, and the port numbers would need to be sequential
One last thing on ftp: you should be able to host an sftp server with no trouble, since all traffic comes through one port.
The hack that I'm contemplating right now is to retrieve http://www.icanhazip.com/. It isn't elegant and is subject to the availability of that service, but it gets the job done. A better solution would be appreciated!