He's not wrong, but it requires some explanation.
I went through a lot of the network blocks "belonging to China". Yes they are geolocated to China. No, they are not being used by Chinese entities, at least overtly. They are being used by Amazon.
When AWS (and for that matter, GCP) expanded into China, they could not build their own cloud infra from scratch and were forced to partner with Baidu/Tencent.
On 11/3 and 11/4, I saw these same IPs and geolocation associated with the DNS records for hosts running the Scytl portals for AZ, VA, MI, PA, Atlanta, Denver, and Rancho Cucamonga (CA). Other resource records for the same hosts listed IP addresses in the US, DE and IE as well- consistent with the most common NA and EU AWS availability zones. Even if there were no fuckery afoot, this would be a common occurrence for any multinational corp deploying into multiple AZs for fault tolerance.
What is surprising is that any of it was allowed to go to CN / AsiaPac AZs.. this is something the tenant owner (Dominion or Scytl) has to include when they instantiate, and must select specific AZs when publishing workloads. This is basics- AWS-101 level stuff- and wouldn't be overlooked by sysadmins, let alone by beancounters after the first month's bill hit. It's expensive.
Another explanation could be that they allowed those hosts to be advertised through the CN AZs for geo load balancing, but the connection patterns don't really support that unless the querier was in APJC. So again... that leads us down the path to intent and malice.
Yeah sure.
They sent it to China first. It could only be done in China.
lulz