Same host or different? How can you tell "over the wire"?
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Mar 22 17:37:42 UTC 2018
In message <20180322140233.GA79266 at staff.retn.net>,
Alexandre Snarskii <snar at snar.spb.ru> wrote:
>DNS: if both A and A' are running open recursive DNS servers (bad idea in
>modern internet, but..) it's possible to use TTL field to differentiate.
>Scenario: create some DNS record with good enough TTL of one hour. Ask A
>about this record, get answer with TTL = 3600. Wait for ten seconds, then
>ask A' about the same record. If received TTL is about 3590 - it's really
>likely that A and A' are the same host.
Thank you! Yes. This, and checking the SSH key, seem to both be very
promising solutions to the problem.
I will be investigating and trying both, to try to establish how well
they might work in practice.
It will be great if both work, because some bad actors will be running
SSH (on a known or findable port) and others won't be. And likewise,
some bad actors will be running their own name servers and others won't
be. So it will be Good to have several tools in the toolbox.
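
The TTL comparison described in the quoted message, as an added example that is not part of the original e-mail: it reads the answer TTL out of two raw DNS responses and checks whether the second one has counted down by the elapsed time. The record name probe.example.test, the 2-second slack and all function names are assumptions, and the response bytes are constructed rather than captured.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past an encoded DNS name (labels or pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += 1 + length

def first_answer_ttl(msg):
    """TTL of the first answer record in a raw DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    if ancount == 0:
        raise ValueError("response carries no answer records")
    off = 12                           # fixed header size
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    off = skip_name(msg, off)          # owner name of the answer
    _rtype, _rclass, ttl, _rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    return ttl

def compare(ttl_a, t_a, ttl_b, t_b, slack=2):
    """Classify two observations (TTL, unix time) of the same record."""
    elapsed = t_b - t_a
    if elapsed <= slack:
        return "inconclusive"          # a fresh fetch would look the same
    if abs(ttl_b - (ttl_a - elapsed)) <= slack:
        # Also true when both resolvers forward to one upstream cache.
        return "shared cache"
    return "separate caches"

def sample_response(ttl):
    """Constructed response for probe.example.test A 192.0.2.1 (not captured)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x05probe\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 1])
    return header + question + answer

if __name__ == "__main__":
    ttl_a = first_answer_ttl(sample_response(3600))   # answer from A at t=0
    ttl_b = first_answer_ttl(sample_response(3590))   # answer from A' at t=10
    print(compare(ttl_a, 0, ttl_b, 10))
```
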