This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Facebook in Russia and a diagnostic problem
- Previous message (by thread): [atlas] Facebook in Russia and a diagnostic problem
- Next message (by thread): [atlas] Facebook in Russia and a diagnostic problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Manu Bretelle
chantr4 at gmail.com
Mon Mar 14 18:37:51 CET 2022
On Mon, Mar 14, 2022 at 6:07 AM Lukas Tribus <lukas at ltri.eu> wrote: > > Most likely TCP session kill based on the server response (certificate). > > It could also be a combination of multiple indicators. IP addresses, > SNI, TTL, but here it seems more likely to be the first one. > > This could be proven: put a self-signed cert of www.facebook.com on a > server and try to repeat the IP address based check. This is indeed what I could see last week. For instance, providing a SNI of Instagram.com (1 week ago) would get through, providing an SNI of foo.com would fail verification (expected), providing an empty value for SNI would also fail with client hello read timeout. When no SNI is provided, the default cert is for *.Facebook.com. Asking for Facebook.com against a Cloudflare IP was also showing the read timeout. Request to CF IP with empty SNI would successfully return a cert. > This suggest that either SNI filtering is done on return client hello so it can catch the default cert when no SNI is provided, or that there is a combination of dropping outgoing client hello with specific name + dropping empty SNI to specific ranges, or a combination of both. The CF example makes he believe it is the second option. I will send example probes when I get to a device with a keyboard. Manu > > > Lukas > > -- > ripe-atlas mailing list > ripe-atlas at ripe.net > https://mailman.ripe.net/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/ripe-atlas/attachments/20220314/66c9c4d4/attachment.html>
- Previous message (by thread): [atlas] Facebook in Russia and a diagnostic problem
- Next message (by thread): [atlas] Facebook in Russia and a diagnostic problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]