On 03/22/18 09:02, Alexandre Snarskii wrote:
On Wed, Mar 21, 2018 at 02:19:43PM -0700, Ronald F. Guilmette wrote:
[...]
P.S. It is my assumption that the kind of thing I'm looking for, if
it exists at all, will be found somewhere below the application layer.
I do not rule out however that there may be some way of differentiating
the two cases described above by looking at application layer responses
for some certain common applications. As far as I know however, it is
not possible to make the desired differentiation on the basis of
application layer responses for most typical network applications,
e.g. various makes and model numbers of servers for HTTP, HTTPS,
SMTP, SSH, DNS, etc. Of course, if I have simply missed something,
and if there is in fact a way to differentiate the two cases on the
basis of responses sent for any of these application protocols, then
I sure would like to know about that too.
DNS: if both A and A' running open recursive DNS servers (bad idea in
modern internet, but..) it's possible to use TTL field to differentiate.
Scenario: create some DNS record with good enough TTL of one hour. Ask A
about this record, get answer with TTL = 3600. Wait for ten seconds, then
ask A' about the same record. If received TTL is about 3590 - it's really
likely that A and A' is the same host.
If A and A' do resolve beyond their SOA for clients outside of their
domain. That was vulnerable for abuse, and hardly anybody does that
these days. Am I missing something?
Valeri
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
