This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] New on RIPE Labs: Celebrating 10, 000 Active RIPE Atlas Probes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Baptiste Jonglez
baptiste.jonglez at imag.fr
Fri Sep 29 16:53:25 CEST 2017
On Fri, Sep 29, 2017 at 04:42:37PM +0200, Andrea Barberio wrote: > Have you also looked at this project from the last RIPE DNS hackaton? https://recdnsfp.github.io/ > > Follow-up at https://www.ietf.org/proceedings/99/slides/slides-99-maprg-fingerprint-based-detection-of-dns-hijacks-using-ripe-atlas-01.pdf Yes, I had a look thanks to Vesna: it's interesting but too elaborate for my needs! The goal here is just to filter out "misbehaving" probes, and Giovane's method is simple and effective for this. Thanks, Baptiste > ----- Original Message ----- > From: "Baptiste Jonglez" <baptiste.jonglez at imag.fr> > To: ripe-atlas at ripe.net > Sent: Friday, September 29, 2017 1:56:12 PM > Subject: [atlas] List of Atlas probes subjected to DNS traffic interception (MITM) > > Hi, > > I am looking for a list of Atlas probes that suffer from DNS traffic > interception, to exclude them from my measurements. What I mean by > "traffic interception" is that DNS queries from the probe to a third-party > DNS server do not reach the server, but are intercepted and answered by a > middle-box instead. > > I started building this list myself, but it's a long and potentially > error-prone process. > > It seems that the "DNS Root Instances" map could be used for that purpose, > because DNS traffic interception shows up as if the probe was contacting > an "Unknown" root instance. To get the list of probes, I ended up using > an URL like the following, showing probes for all possible "unknown" root > instance hostnames: > > https://atlas.ripe.net/results/maps/root-instances/?server=1&question=10300&af=4&filter=&show_only=dns1.com2com.ru%2Cnl1.dnscrypt.eu ... > > However, there seems to be a limit on the size of the URL so I cannot get > all probes, and they are just displayed on the map without any obvious way > to get the raw list of probes instead. > > Is there a way to get the raw list of probes from this map? Or has > anybody already done this classification work independently? I also > looked for DNS-related tags on probes, but could not find anything useful. > > Thanks, > Baptiste -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: </ripe/mail/archives/ripe-atlas/attachments/20170929/27198665/attachment.sig>
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] New on RIPE Labs: Celebrating 10, 000 Active RIPE Atlas Probes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]