AWS Routing Logs and Error Messages #awswishlist | by Teri Radichel | Cloud Security | March 2024


ACM.463 The routing mystery that would be much easier to solve with a “No Route To Host” error message

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: Cybersecurity | AWS Security | Cloud Architecture

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~

In the last article I showed how I created a fake entry in the VPC flow logs and what you can do about it. I wonder why this is even possible for AWS services. In any case, you must deny actions that you do not want to occur in your account.

I know AWS tries to make networking easier with its in-console visuals, but sometimes a plain old log is a little easier to decipher. Especially when you have a complicated setup like the one I’m working on, which involves on-premises routing, a VPN, a transit gateway, VPCs, NAT, and an internet gateway.

I wrote about the dreaded “No Route To Host” message, which totally confused me when I saw it in the logs while working for a firewall vendor and trying to demonstrate how to automate the product’s configuration in AWS. The error was coming from the firewall, not from AWS. It was actually helpful, because without that error message I would have had no explanation for the problem. But someone had to explain it to me.

There is actually better messaging that vendors could provide, as explained below, if they truly want to be more helpful.

I recently wrote in this article about resolving this error message when you place a firewall or router in front of another firewall or router: you need to add routing that sends the reply packets back to the correct source.
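The return-route problem described above, as an added example that is not part of the original post or any vendor's code: a small route-table simulator that walks a flow hop by hop in both directions and names the hop where the reply dead-ends, which is exactly the detail a bare “No Route To Host” message leaves out. Every hop name, CIDR, and next-hop target below is constructed for illustration, as is the topology (on-prem client behind a firewall, then a VPN router, then a VPC route table); none of it describes a real account or appliance.

```python
"""Simulate longest-prefix route lookups along a path and report the first hop
that has no route, in either the forward or the return direction.

Added example; all tables, addresses and hop names are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]  # (destination prefix, next hop / target)


def parse_routes(entries: List[Tuple[str, str]]) -> List[Route]:
    """Convert ('10.0.0.0/16', 'local') style pairs into network objects."""
    return [(ipaddress.ip_network(cidr, strict=False), target) for cidr, target in entries]


def lookup(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match: the most specific matching route wins, as on a real router."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for net, target in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def check_flow(tables: Dict[str, List[Route]], path: List[str], src: str, dst: str) -> List[str]:
    """Walk the hops in order for the request and in reverse for the reply.

    Returns one message per direction that dead-ends, naming the hop that
    has no matching route for the packet it is being asked to forward.
    """
    findings: List[str] = []
    for hop in path:                      # request: src -> dst
        if lookup(tables[hop], dst) is None:
            findings.append(f"{hop}: no route to host {dst} (forward path)")
            break
    for hop in reversed(path):            # reply: dst -> src
        if lookup(tables[hop], src) is None:
            findings.append(f"{hop}: no route to host {src} (return path)")
            break
    return findings


# Constructed topology: on-prem client -> on-prem firewall -> VPN router -> VPC.
PATH = ["onprem-firewall", "vpn-router", "vpc-route-table"]
SRC = "192.168.10.5"   # on-prem client (constructed)
DST = "10.0.1.10"      # instance in the VPC (constructed)

# The VPN router knows how to reach the VPC, but has no route back to the
# on-prem client subnet behind the firewall, so replies die there.
BROKEN_TABLES = {
    "onprem-firewall": parse_routes([
        ("192.168.10.0/24", "local"),
        ("10.0.0.0/16", "vpn-router"),
        ("0.0.0.0/0", "internet"),       # default route; LPM still prefers 10.0.0.0/16
    ]),
    "vpn-router": parse_routes([
        ("172.16.0.0/24", "local"),
        ("10.0.0.0/16", "vpn-tunnel"),
    ]),
    "vpc-route-table": parse_routes([
        ("10.0.0.0/16", "local"),
        ("192.168.0.0/16", "vgw"),
    ]),
}

# Same topology with the missing return route added on the VPN router.
FIXED_TABLES = {
    **BROKEN_TABLES,
    "vpn-router": parse_routes([
        ("172.16.0.0/24", "local"),
        ("10.0.0.0/16", "vpn-tunnel"),
        ("192.168.10.0/24", "onprem-firewall"),   # the fix: send replies back through the firewall
    ]),
}


if __name__ == "__main__":
    for name, tables in (("broken", BROKEN_TABLES), ("fixed", FIXED_TABLES)):
        print(name, check_flow(tables, PATH, SRC, DST) or ["all hops have routes"])
```

Running it prints the one finding for the broken tables (the VPN router has no return route to 192.168.10.5) and nothing for the fixed tables. Note that a flow log at the VPC would show the request arriving and the reply leaving normally; only the table at the middle hop reveals where the reply is dropped, which is why a per-hop message is so much more useful than a generic one.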
