This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrea Barberio
insomniac at slackware.it
Fri Sep 29 16:42:37 CEST 2017
Have you also looked at this project from the last RIPE DNS hackaton? https://recdnsfp.github.io/ Follow-up at https://www.ietf.org/proceedings/99/slides/slides-99-maprg-fingerprint-based-detection-of-dns-hijacks-using-ripe-atlas-01.pdf Cheers, Andrea ----- Original Message ----- From: "Baptiste Jonglez" <baptiste.jonglez at imag.fr> To: ripe-atlas at ripe.net Sent: Friday, September 29, 2017 1:56:12 PM Subject: [atlas] List of Atlas probes subjected to DNS traffic interception (MITM) Hi, I am looking for a list of Atlas probes that suffer from DNS traffic interception, to exclude them from my measurements. What I mean by "traffic interception" is that DNS queries from the probe to a third-party DNS server do not reach the server, but are intercepted and answered by a middle-box instead. I started building this list myself, but it's a long and potentially error-prone process. It seems that the "DNS Root Instances" map could be used for that purpose, because DNS traffic interception shows up as if the probe was contacting an "Unknown" root instance. To get the list of probes, I ended up using an URL like the following, showing probes for all possible "unknown" root instance hostnames: https://atlas.ripe.net/results/maps/root-instances/?server=1&question=10300&af=4&filter=&show_only=dns1.com2com.ru%2Cnl1.dnscrypt.eu ... However, there seems to be a limit on the size of the URL so I cannot get all probes, and they are just displayed on the map without any obvious way to get the raw list of probes instead. Is there a way to get the raw list of probes from this map? Or has anybody already done this classification work independently? I also looked for DNS-related tags on probes, but could not find anything useful. Thanks, Baptiste
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]