This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] HTTPS interception in Atlas probes

Previous message (by thread): [atlas] USB stick?
Next message (by thread): [atlas] Probe Fulfilment

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Mar 3 17:22:25 CET 2017

After this excellent talk at NDSS 17
<https://www.internetsociety.org/doc/security-impact-https-interception>,
I wanted to see if there are some Atlas probes behind such an
interceptor. I cannot run on all Atlas probes (maximum daily spending limit) but I've found at least one:

% python cert.py --requested 500 --area North-Central --issuer www.afnic.fr 
497 probes reported
[<X509Name object '/C=NL/O=OCOM/OU=Security Dep/CN=amspan01.ocom.lan/emailAddress=security at leaseweb.com'>] : 1 occurrences 
[<X509Name object '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Extended Validation CA - SHA256 - G2'>] : 496 occurrences 
Test #7854923 done at 2017-03-03T16:20:43Z

The probe is #10035, in Amsterdam
<https://atlas.ripe.net/probes/10035/#!tab-general>

The cert.py program is at
<https://github.com/RIPE-Atlas-Community/ripe-atlas-community-contrib>

Previous message (by thread): [atlas] USB stick?
Next message (by thread): [atlas] Probe Fulfilment

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]