月度归档:2017年03月

windows 7/windows 2008/ tls1.2 / .net

Disable RC2 RC4 And SSL 2.0

https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protocols-in-schannel.dll

 Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

 Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

Protocol

KEA

SYM (bit)

HSH (bit)

CipherSuite

TLS1.0

RSAKeyX

AES (128)

SHA1 (160)

TLS_RSA_WITH_AES_128_CBC_SHA    

SSL3.0

RSAKeyX

RC4 (128)

SHA1 (160)

SSL_RSA_WITH_RC4_128_SHA

SSL2.0

RSAKeyX

RC4 (128)

MD5 (128)

SSL_CK_RC4_128_WITH_MD5

TLS 1.2 and Microsoft.Net

Now lets focus on using TLS 1.2 in .Net world. We need to make sure that
the web sites are served via TLS 1.2 protocol and client apps which are
consuming the same need to support TLS 1.2. .Net is running on top of
operating system and mostly its windows. If host windows supports TLS
1.2 .Net can also support TLS 1.2 as it relies on schannel.dll1
The first task here is to make sure we are using the right tools and technologies.


TLS 1.2 and .Net Framework 4.5


.Net is also versioned. Versions below 4.5*doesn't know how to
communicate via TLS 1.2.In .Net 4.5 the TLS 1.2 is enabled
by default.
Simply compile our applications in ,Net 4.5 and we will get TLS 1.2
communication for our applications.


How to make .Net 4.0 app talk using TLS 1.2


Technically speaking just recompile existing older application to .Net
4.5 to get TLS 1.2 support. It sounds simple as everybody expecting that
there are no breaking changes in .Net 4.5 and our application will
function as is. But if we are serious about delivering quality software
we also need to test entire app in 4.5 before shipping. It really adds
cost.

Lets see if there are any ways to use TLS 1.2 by .Net 4.0 apps.

System.dll overwrite

When we install .Net 4.5 its basically adding changes on top of .Net
4.0. In other words the System.dll used for 4.0 apps will be overwritten
to 4.5 version of System.dll. So there are possibilities that .Net 4.0
apps will execute 4.5 code when they access functions in System.dll.
Which means if we have .Net 4.5 installed in the machine where our .Net
4.0 is running it can take advantage of TLS1.2. All our solutions below
are depending on this factor.
Below links explains the .Net versioning and overwriting.


1.Code change in 4.0 to use TLS 1.2

Now its the matter of changing the default protocol used by 4.0 to TLS
1.2. This can be done by forcefully changing the  protocol as below.

//SecurityProtocolType.Tls1.2;

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

 

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
| SecurityProtocolType.Tls11 
| SecurityProtocolType.Tls;

// comparable to modern browsers
var request = WebRequest.Create("https://www.howsmyssl.com/a/check");
var response = request.GetResponse(); 
var body = new StreamReader(response.GetResponseStream()).ReadToEnd();


If we look at the SecurityProtocolType enum for .Net 4.0, we will not be able to see the TLS1.2. But in 4.5 we can see that. So .Net 4.0 will not compile if we use TLS1.2 enum value. But if we use the TLS1.2 enum number it will compile and at runtime since the .Net 4.0's System.dll is replaced with 4.5 the cast will work. 

 
Please note that this will fail if we are running the same app in a machine which don't have 4.5 installed. Recommended only for servers where its easy to manage the .Net version.


2.Registry change to force .Net 4.0 to use TLS 1.2

If we inspect the .Net 4.5 ServicePointManager source code we can see that the default protocol is depending on the below registry entry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    SchUseStrongCrypto to DWORD 1

The default value will be 0. Simply change this to 1 to get .Net 4.5
System.dll use TLS 1.2. Since our 4.0 application uses 4.5 System.dll
4.0 gets TLS 1.2 support.

http://stackoverflow.com/questions/28286086/default-securityprotocol-in-net-4-5


References

https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Client_.28Browser.29_Configuration
https://www.simple-talk.com/dotnet/.net-framework/tlsssl-and-.net-framework-4.0/
https://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx
https://istlsfastyet.com/
http://blogs.msdn.com/b/benjaminperkins/archive/2014/11/04/using-tls-1-2-with-wcf.aspx
http://blogs.msdn.com/b/benjaminperkins/archive/2011/10/07/secure-channel-compatibility-support-with-ssl-and-tls.aspx
http://www.dotnetnoob.com/2013/10/hardening-windows-server-20082012-and.html

TLS Cipher Suites in Windows 7
https://msdn.microsoft.com/en-us/library/windows/desktop/mt767780%28v=vs.85%29.aspx
TLS Cipher Suites in Windows 8
https://msdn.microsoft.com/en-us/library/windows/desktop/mt762882%28v=vs.85%29.aspx
TLS Cipher Suites in Windows 8.1
https://msdn.microsoft.com/en-us/library/windows/desktop/mt767781%28v=vs.85%29.aspx
TLS Cipher Suites in Windows 10 v1507
https://msdn.microsoft.com/en-us/library/windows/desktop/mt767769%28v=vs.85%29.aspx
TLS Cipher Suites in Windows 10 v1511
https://msdn.microsoft.com/en-us/library/windows/desktop/mt767768%28v=vs.85%29.aspx
TLS Cipher Suites in Windows 10 v1567
https://msdn.microsoft.com/en-us/library/windows/desktop/mt490158%28v=vs.85%29.aspx

Tools

for .net framework 4.5
SSLTLSCheck.zip

点击查看原图

nuget


下载地址:

命令行: http://nuget.codeplex.com/downloads/get/669083
命令行: http://nuget.org/downloads
图形窗: https://github.com/NuGetPackageExplorer

*.nuspec

Folder Description Action upon package install
tools Powershell scripts and programs accessible from the Package Manager Console Contents are copied to the project folder, and the tools folder is added to the PATH environment variable.
lib Assembly(.dll) files (.dll), documentation (.xml) files, and symbol (.pdb) files Assemblies are added as references; .xml and .pdb copied into project folders.
content Arbitrary files Contents are copied to the project root
build MSBuild .targets and .props files Automatically inserted into the project file (NuGet 2.x) or project.json.lock (NuGet 3.x).
<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
<metadata>
<!-- The identifier that must be unique within the hosting gallery -->
<id>Contoso.Utility.UsefulStuff</id>
<!-- The package version number that is used when resolving dependencies -->
<version>1.8.3.331</version>
<!-- Authors contain text that appears directly on the gallery -->
<authors>Dejana Tesic, Rajeev Dey</authors>
<!-- Owners are typically nuget.org identities that allow gallery
users to earily find other packages by the same owners.  -->
<owners>dejanatc, rjdey</owners>
<!-- License and project URLs provide links for the gallery -->
<licenseUrl>http://opensource.org/licenses/MS-PL</licenseUrl>
<projectUrl>http://github.com/contoso/UsefulStuff</projectUrl>
<!-- The icon is used in Visual Studio's package manager UI -->
<iconUrl>http://github.com/contoso/UsefulStuff/nuget_icon.png</iconUrl>
<!-- If true, this value prompts the user to accept the license when
installing the package. -->
<requireLicenseAcceptance>false</requireLicenseAcceptance>
<!-- Any details about this particular release -->
<releaseNotes>Bug fixes and performance improvements</releaseNotes>
<!-- The description can be used in package manager UI. Note that the
nuget.org gallery uses information you add in the portal. -->
<description>Core utility functions for web applications</description>
<!-- Copyright information -->
<copyright>Copyright ©2016 Contoso Corporation</copyright>
<!-- Tags appear in the gallery and can be used for tag searches -->
<tags>web utility http json url parsing</tags>
<!-- Dependencies are automatically installed when the package is installed -->
<dependencies>
<dependency id="Newtonsoft.Json" version="9.0" />
</dependencies>
</metadata>
<!-- A readme.txt will be displayed when the package is installed -->
<files>
<file src="readme.txt" target="" />
</files>
</package>


命令:

nuget spec
nuget pack ClassLibrary2.csproj -Build -Properties Configuration=Release
nuget push *.nupkg -s http://127.0.0.1 apikey

iis6:
需要添加通配符程序
点击查看原图
点击查看原图
注意64bit/32bit
点击查看原图

ASP.NET URL

Browser Request 的網址相關的屬性與用法:

網址:http://localhost:1897/News/Press/Content.aspx/123?id=1#toc
Request.ApplicationPath /
Request.PhysicalPath D:\Projects\Solution\web\News\Press\Content.aspx
System.IO.Path.GetDirectoryName(Request.PhysicalPath) D:\Projects\Solution\web\News\Press
Request.PhysicalApplicationPath D:\Projects\Solution\web\
System.IO.Path.GetFileName(Request.PhysicalPath) Content.aspx
Request.CurrentExecutionFilePath /News/Press/Content.aspx
Request.FilePath /News/Press/Content.aspx
Request.Path /News/Press/Content.aspx/123
Request.RawUrl /News/Press/Content.aspx/123?id=1
Request.Url.AbsolutePath /News/Press/Content.aspx/123
Request.Url.AbsoluteUri http://localhost:1897/News/Press/Content.aspx/123?id=1
Request.Url.Scheme http
Request.Url.Host localhost
Request.Url.Port 1897
Request.Url.Authority localhost:1897
Request.Url.LocalPath /News/Press/Content.aspx/123
Request.PathInfo /123
Request.Url.PathAndQuery /News/Press/Content.aspx/123?id=1
Request.Url.Query ?id=1
Request.Url.Fragment  
Request.Url.Segments /
News/
Press/
Content.aspx/
123

.

sql injection scans

测试SQL注入的工具:通过精度选择还是向量覆盖率选择?

为了回答这个问题,我们使用了sectoolmarket.com网站提供的标准测试结果,我们先假设候选的扫描程序的测试精度和向量覆盖率有相同的重要
性。我们将GET。POST,HTTP Cookie和HTTP
Headers作为应该被支持的输入向量。当所有的参数都被支持时,这个扫描器的覆盖范围的比率为100%(4/4)。

我们建议使用下面的算术方程式,也就是说对于漏洞扫描器的得分求一个平均值。

然后从得到的检测准确率的百分比中,我们列出前14名的扫描器:

Rank Vulnerability Scanner Vendor Detection Rate Input Vector Coverage Average Score
1 Arachni Tasos Laskos 100.00% 100% 100.00%
2 Sqlmap sqlmap developers 97.06% 100% 98,53%
3 IBM AppScan IBM Security Sys Division 93.38% 100% 96,69%
4 Acunetix WVS Acunetix 89.71% 100% 94,85%
5 NTOSpider NT OBJECTives 85.29% 100% 92,64%
6 Nessus Tenable Network Security 82.35% 100% 91,17%
7 WebInspect HP Apps Security Center 75.74% 100% 87,87%
8 Burp Suite Pro PortSwigger 72.06% 100% 86,03%
9 Cenzic Pro Cenzic 63.24% 100% 81,62%
10 SkipFish Michal Zalewski – Google 50.74% 100% 75,37%
11 Wapiti OWASP 100.00% 50% 75.00%
12 Netsparker Mavituna Security 98.00% 50% 74.00%
13 Paros Pro MileSCAN Technologies 93.38% 50% 71,69%
14 ZAP OWASP 77,21% 50% 63,60%

我们可以通过对扫描器的扫描漏洞的精度和向量覆盖率取到的平均值,做出下面一个图表。

点击查看原图

下表来源:https://msdn.microsoft.com/en-us/library/ms161953%28SQL.105%29.aspx

When you can, reject input that contains the following characters.

Input character

Meaning in Transact-SQL

;

Query delimiter.

'

Character data string delimiter.

--

Comment delimiter.

/* ... */

Comment delimiters. Text between /* and */ is not evaluated by the server.

xp_

Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.

China Unicom PING AWS

China unicom ping aws
位于北京-使用联通网络ping AWS 服务
2017/03/01

美国东部 (弗吉尼亚北部)
C:\Users\Administrator>ping console.aws.amazon.com

正在 Ping us-east-1.console.aws.amazon.com [54.239.31.83] 具有 32 字节的数据:
来自 54.239.31.83 的回复: 字节=32 时间=281ms TTL=224
来自 54.239.31.83 的回复: 字节=32 时间=281ms TTL=224
来自 54.239.31.83 的回复: 字节=32 时间=281ms TTL=224
来自 54.239.31.83 的回复: 字节=32 时间=281ms TTL=224

美国东部 (俄亥俄)
C:\Users\Administrator>ping us-east-2.console.aws.amazon.com

正在 Ping console.us-east-2.amazonaws.com [52.95.20.79] 具有 32 字节的数据:
来自 52.95.20.79 的回复: 字节=32 时间=219ms TTL=230
来自 52.95.20.79 的回复: 字节=32 时间=219ms TTL=230
来自 52.95.20.79 的回复: 字节=32 时间=223ms TTL=230
来自 52.95.20.79 的回复: 字节=32 时间=218ms TTL=230

美国西部 (加利福尼亚北部)
C:\Users\Administrator>ping us-west-1.console.aws.amazon.com

正在 Ping us-west-1.console.aws.amazon.com [176.32.112.45] 具有 32 字节的数据:
请求超时。
请求超时。
请求超时。

美国西部 (俄勒冈)
C:\Users\Administrator>ping us-west-2.console.aws.amazon.com

正在 Ping us-west-2.console.aws.amazon.com [54.240.254.239] 具有 32 字节的数据:
来自 54.240.254.239 的回复: 字节=32 时间=236ms TTL=233
来自 54.240.254.239 的回复: 字节=32 时间=237ms TTL=233
来自 54.240.254.239 的回复: 字节=32 时间=235ms TTL=233
来自 54.240.254.239 的回复: 字节=32 时间=236ms TTL=233

加拿大 (中部)
C:\Users\Administrator>ping ca-central-1.console.aws.amazon.com

正在 Ping console.ca-central-1.amazonaws.com [52.94.96.127] 具有 32 字节的数据:
来自 52.94.96.127 的回复: 字节=32 时间=242ms TTL=229
来自 52.94.96.127 的回复: 字节=32 时间=238ms TTL=229
来自 52.94.96.127 的回复: 字节=32 时间=238ms TTL=229
来自 52.94.96.127 的回复: 字节=32 时间=237ms TTL=229

欧洲 (爱尔兰)
C:\Users\Administrator>ping eu-west-1.console.aws.amazon.com

正在 Ping eu-west-1.console.aws.amazon.com [54.239.38.117] 具有 32 字节的数据:
请求超时。
请求超时。
请求超时。

欧洲 (法兰克福)
C:\Users\Administrator>ping eu-central-1.console.aws.amazon.com

正在 Ping console.eu-central-1.amazonaws.com [54.239.54.102] 具有 32 字节的数据:

来自 54.239.54.102 的回复: 字节=32 时间=413ms TTL=234
来自 54.239.54.102 的回复: 字节=32 时间=412ms TTL=234
来自 54.239.54.102 的回复: 字节=32 时间=413ms TTL=234
来自 54.239.54.102 的回复: 字节=32 时间=413ms TTL=234

欧洲 (伦敦)
C:\Users\Administrator>ping eu-west-2.console.aws.amazon.com

正在 Ping console.eu-west-2.amazonaws.com [52.94.56.93] 具有 32 字节的数据:
来自 52.94.56.93 的回复: 字节=32 时间=363ms TTL=234
来自 52.94.56.93 的回复: 字节=32 时间=354ms TTL=234
来自 52.94.56.93 的回复: 字节=32 时间=359ms TTL=234
来自 52.94.56.93 的回复: 字节=32 时间=366ms TTL=234

亚太区域 (新加坡)
C:\Users\Administrator>ping ap-southeast-1.console.aws.amazon.com

正在 Ping ap-southeast-1.console.aws.amazon.com [54.240.226.142] 具有 32 字节的
数据:
来自 54.240.226.142 的回复: 字节=32 时间=146ms TTL=238
来自 54.240.226.142 的回复: 字节=32 时间=146ms TTL=238
来自 54.240.226.142 的回复: 字节=32 时间=148ms TTL=238
来自 54.240.226.142 的回复: 字节=32 时间=146ms TTL=238

亚太区域 (悉尼)
C:\Users\Administrator>ping ap-southeast-2.console.aws.amazon.com

正在 Ping ap-southeast-2.console.aws.amazon.com [54.240.195.68] 具有 32 字节的数
据:
来自 54.240.195.68 的回复: 字节=32 时间=231ms TTL=237
请求超时。
来自 54.240.195.68 的回复: 字节=32 时间=233ms TTL=237
来自 54.240.195.68 的回复: 字节=32 时间=231ms TTL=237

亚太区域 (首尔)
C:\Users\Administrator>ping ap-northeast-2.console.aws.amazon.com

正在 Ping ap-northeast-2.console.aws.amazon.com [52.95.193.28] 具有 32 字节的数
据:
来自 52.95.193.28 的回复: 字节=32 时间=138ms TTL=236
来自 52.95.193.28 的回复: 字节=32 时间=135ms TTL=236
来自 52.95.193.28 的回复: 字节=32 时间=142ms TTL=236
来自 52.95.193.28 的回复: 字节=32 时间=138ms TTL=236

亚太区域 (东京)
C:\Users\Administrator>ping ap-northeast-1.console.aws.amazon.com

正在 Ping ap-northeast-1.console.aws.amazon.com [54.239.96.82] 具有 32 字节的数
据:
来自 54.239.96.82 的回复: 字节=32 时间=89ms TTL=235
来自 54.239.96.82 的回复: 字节=32 时间=88ms TTL=235
来自 54.239.96.82 的回复: 字节=32 时间=89ms TTL=235
来自 54.239.96.82 的回复: 字节=32 时间=91ms TTL=235

亚太区域 (孟买)
C:\Users\Administrator>ping ap-south-1.console.aws.amazon.com

正在 Ping console.ap-south-1.amazonaws.com [52.95.88.43] 具有 32 字节的数据:
请求超时。
来自 52.95.88.43 的回复: 字节=32 时间=336ms TTL=229
来自 52.95.88.43 的回复: 字节=32 时间=336ms TTL=229
来自 52.95.88.43 的回复: 字节=32 时间=336ms TTL=229

南美洲 (圣保罗)
C:\Users\Administrator>ping sa-east-1.console.aws.amazon.com

正在 Ping sa-east-1.console.aws.amazon.com [177.72.244.68] 具有 32 字节的数据:
请求超时。
来自 177.72.244.68 的回复: 字节=32 时间=487ms TTL=239
请求超时。

来自 177.72.244.68 的回复: 字节=32 时间=499ms TTL=239

 

BAT 1:

@echo off

echo 美国东部 (弗吉尼亚北部)
ping console.aws.amazon.com

echo 美国东部 (俄亥俄)
ping us-east-2.console.aws.amazon.com

echo 美国西部 (加利福尼亚北部)
ping us-west-1.console.aws.amazon.com

echo 美国西部 (俄勒冈)
ping us-west-2.console.aws.amazon.com

echo 加拿大 (中部)
ping ca-central-1.console.aws.amazon.com

echo 欧洲 (爱尔兰)
ping eu-west-1.console.aws.amazon.com

echo 欧洲 (法兰克福)
ping eu-central-1.console.aws.amazon.com

echo 欧洲 (伦敦)
ping eu-west-2.console.aws.amazon.com

echo 亚太区域 (新加坡)
ping ap-southeast-1.console.aws.amazon.com

echo 亚太区域 (悉尼)
ping ap-southeast-2.console.aws.amazon.com

echo 亚太区域 (首尔)
ping ap-northeast-2.console.aws.amazon.com

echo 亚太区域 (东京)
ping ap-northeast-1.console.aws.amazon.com

echo 亚太区域 (孟买)
ping ap-south-1.console.aws.amazon.com

echo 南美洲 (圣保罗)
ping sa-east-1.console.aws.amazon.com

pause

BAT 2:

@echo off

ping console.aws.amazon.com

ping us-east-2.console.aws.amazon.com

ping us-west-1.console.aws.amazon.com

ping us-west-2.console.aws.amazon.com

ping ca-central-1.console.aws.amazon.com

ping eu-west-1.console.aws.amazon.com

ping eu-central-1.console.aws.amazon.com

ping eu-west-2.console.aws.amazon.com

ping ap-southeast-1.console.aws.amazon.com

ping ap-southeast-2.console.aws.amazon.com

ping ap-northeast-2.console.aws.amazon.com

ping ap-northeast-1.console.aws.amazon.com

ping ap-south-1.console.aws.amazon.com

ping sa-east-1.console.aws.amazon.com

pause