Hosts: Why block AWS Kinesis?

Created on 19 May 2020  ·  9Comments  ·  Source: StevenBlack/hosts

Today I was left puzzled as to why kinesis.us-east-1.amazonaws.com was resolving to 0.0.0.0 as I was producing a plan with terraform to check out a production bug in our infrastructure.

It turns out that the DNS is in the hosts file. It didn't really take me too long to find, because of the handy DNS Query List tool in pihole, but still, why is this domain blocked here in the first place?

I managed to workaround it by whitelisting it in pihole, but is there some serious security consideration to justify blocking this domain? Is this abused somehow by shady domains?

Thanks!

upstream
Source
picture gchamon

Most helpful comment

@StevenBlack

Thanks for the feedback, it was interesting to see ways kinesis is used directly to handle ads streams.

I will have to whitelist it, but I am happy to know this is not a wrongly blacklisted domain.

Just one more thought...

Kinesis is also available in the following regions: [1]

image

It might be interesting to discuss with the curators to add those regions to the list. As it stands now, only data streams based in North Virginia will be blocked. If ads streams are set in São Paulo, for instance, they will not be blocked by this list because kinesis.sa-east-1.amazonaws.com is not in the list. [2]

[1] https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

[2] https://docs.aws.amazon.com/general/latest/gr/rande.html

picture gchamon on 20 May 2020
2 🚀1 👍1

All 9 comments

Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

welcome[bot] picture welcome[bot] on 19 May 2020

Hi Gabriel @gchamon the inesis.us-east-1.amazonaws.com domain comes to us via AdAway.

Ping @jawz101, can you have a look at this one? Thanks.

StevenBlack picture StevenBlack on 20 May 2020
👍1

Thanks for the quick reply! Love the project btw!!

gchamon picture gchamon on 20 May 2020
1

I'll think about it. Looking into the product Amazon Kinesis involves realtime analytics processing and I can see that be for ads and tracking

YieldMo case study

Veritone facial recognition and Sonos monitoring all of their customer's stereos- both mentioned on the Kinesis webpage

Nielsen TV ratings, Salesforce, Zeta, Quantcast use cases

Amazon Prime Video advertising at scale

more Amazon vids demoing it for realtime analytics

Someone can whitelist it but I'm not interested in doing so unless it affects me on my phone. When I see my phone churning out connections to it because Amazon wants to analyze everything I do, read from logcat logs and whatnot- I really don't have interest in helping them because their whole platform is built on your phone being a portable cash register you buy.

Certainly they sell the infrastructure to others to use in other solutions but I'm not inclined to simply remove it for those few use cases when the majority of its service is for analyzing end users sentiments and interactions.

jawz101 picture jawz101 on 20 May 2020
👍4

Thanks @jawz101 I appreciate the thorough assessment here.

Gabriel @gchamon I trust the judgment our curators — they are Good People.

Closing.

StevenBlack picture StevenBlack on 20 May 2020
👍1

@StevenBlack

Thanks for the feedback, it was interesting to see ways kinesis is used directly to handle ads streams.

I will have to whitelist it, but I am happy to know this is not a wrongly blacklisted domain.

Just one more thought...

Kinesis is also available in the following regions: [1]

image

It might be interesting to discuss with the curators to add those regions to the list. As it stands now, only data streams based in North Virginia will be blocked. If ads streams are set in São Paulo, for instance, they will not be blocked by this list because kinesis.sa-east-1.amazonaws.com is not in the list. [2]

[1] https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

[2] https://docs.aws.amazon.com/general/latest/gr/rande.html

gchamon picture gchamon on 20 May 2020
2 🚀1 👍1

@jawz101 you got dis ⬆️ ?

StevenBlack picture StevenBlack on 20 May 2020 
0.0.0.0 firehose.ap-east-1.amazonaws.com
0.0.0.0 kinesis.ap-east-1.amazonaws.com
0.0.0.0 logs.ap-east-1.amazonaws.com
0.0.0.0 firehose.ap-northeast-1.amazonaws.com
0.0.0.0 kinesis.ap-northeast-1.amazonaws.com
0.0.0.0 logs.ap-northeast-1.amazonaws.com
0.0.0.0 firehose.ap-northeast-2.amazonaws.com
0.0.0.0 kinesis.ap-northeast-2.amazonaws.com
0.0.0.0 logs.ap-northeast-2.amazonaws.com
0.0.0.0 kinesis.ap-northeast-3.amazonaws.com
0.0.0.0 logs.ap-northeast-3.amazonaws.com
0.0.0.0 firehose.ap-south-1.amazonaws.com
0.0.0.0 kinesis.ap-south-1.amazonaws.com
0.0.0.0 logs.ap-south-1.amazonaws.com
0.0.0.0 firehose.ap-southeast-1.amazonaws.com
0.0.0.0 kinesis.ap-southeast-1.amazonaws.com
0.0.0.0 logs.ap-southeast-1.amazonaws.com
0.0.0.0 firehose.ap-southeast-2.amazonaws.com
0.0.0.0 kinesis.ap-southeast-2.amazonaws.com
0.0.0.0 logs.ap-southeast-2.amazonaws.com
0.0.0.0 firehose.ca-central-1.amazonaws.com
0.0.0.0 kinesis.ca-central-1.amazonaws.com
0.0.0.0 logs.ca-central-1.amazonaws.com
0.0.0.0 firehose.eu-central-1.amazonaws.com
0.0.0.0 kinesis.eu-central-1.amazonaws.com
0.0.0.0 logs.eu-central-1.amazonaws.com
0.0.0.0 firehose.eu-north-1.amazonaws.com
0.0.0.0 kinesis.eu-north-1.amazonaws.com
0.0.0.0 logs.eu-north-1.amazonaws.com
0.0.0.0 firehose.eu-west-1.amazonaws.com
0.0.0.0 kinesis.eu-west-1.amazonaws.com
0.0.0.0 logs.eu-west-1.amazonaws.com
0.0.0.0 firehose.eu-west-2.amazonaws.com
0.0.0.0 kinesis.eu-west-2.amazonaws.com
0.0.0.0 logs.eu-west-2.amazonaws.com
0.0.0.0 firehose.eu-west-3.amazonaws.com
0.0.0.0 kinesis.eu-west-3.amazonaws.com
0.0.0.0 logs.eu-west-3.amazonaws.com
0.0.0.0 firehose.me-south-1.amazonaws.com
0.0.0.0 kinesis.me-south-1.amazonaws.com
0.0.0.0 logs.me-south-1.amazonaws.com
0.0.0.0 firehose.sa-east-1.amazonaws.com
0.0.0.0 kinesis.sa-east-1.amazonaws.com
0.0.0.0 logs.sa-east-1.amazonaws.com
0.0.0.0 firehose.us-east-1.amazonaws.com
0.0.0.0 firehose-fips.us-east-1.amazonaws.com
0.0.0.0 kinesis.us-east-1.amazonaws.com
0.0.0.0 kinesis-fips.us-east-1.amazonaws.com
0.0.0.0 logs.us-east-1.amazonaws.com
0.0.0.0 firehose.us-east-2.amazonaws.com
0.0.0.0 firehose-fips.us-east-2.amazonaws.com
0.0.0.0 kinesis.us-east-2.amazonaws.com
0.0.0.0 kinesis-fips.us-east-2.amazonaws.com
0.0.0.0 logs.us-east-2.amazonaws.com
0.0.0.0 firehose.us-gov-east-1.amazonaws.com
0.0.0.0 firehose-fips.us-gov-east-1.amazonaws.com
0.0.0.0 kinesis.us-gov-east-1.amazonaws.com
0.0.0.0 logs.us-gov-east-1.amazonaws.com
0.0.0.0 firehose.us-gov-west-1.amazonaws.com
0.0.0.0 firehose-fips.us-gov-west-1.amazonaws.com
0.0.0.0 kinesis.us-gov-west-1.amazonaws.com
0.0.0.0 logs.us-gov-west-1.amazonaws.com
0.0.0.0 firehose.us-west-1.amazonaws.com
0.0.0.0 firehose-fips.us-west-1.amazonaws.com
0.0.0.0 kinesis.us-west-1.amazonaws.com
0.0.0.0 kinesis-fips.us-west-1.amazonaws.com
0.0.0.0 logs.us-west-1.amazonaws.com
0.0.0.0 firehose.us-west-2.amazonaws.com
0.0.0.0 firehose-fips.us-west-2.amazonaws.com
0.0.0.0 kinesis.us-west-2.amazonaws.com
0.0.0.0 kinesis-fips.us-west-2.amazonaws.com

kinesis - Kinesis Data Streams
firehose - Kinesis Data Firehose
logs - Amazon CloudWatch

llacb47 picture llacb47 on 20 May 2020
3

hmm.... well maybe I need to just remove it. When I see something like FIPS I feel like I would be causing some sort of crypto/authentication mechanism.

I went ahead and removed them. If anyone has any more insight into the whole enchilada I'd be interested to know what they may be used for.

jawz101 picture jawz101 on 20 May 2020
😕2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bsd-source picture bsd-source  ·  3Comments
Sego1234 picture Sego1234  ·  3Comments
mikhoul picture mikhoul  ·  3Comments
AkiraJkr picture AkiraJkr  ·  3Comments
onmyouji picture onmyouji  ·  3Comments