Date:      Thu, 22 Mar 2018 10:37:41 -0700
From:      "Ronald F. Guilmette" <rfg@tristatelogic.com>
To:        FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Re: Same host or different? How can you tell "over the wire"?
Message-ID:  <9803.1521740261@segfault.tristatelogic.com>
In-Reply-To: <20180322140233.GA79266@staff.retn.net>


In message <20180322140233.GA79266@staff.retn.net>, 
Alexandre Snarskii <snar@snar.spb.ru> wrote:

>DNS: if both A and A' are running open recursive DNS servers (bad idea in 
>modern internet, but..) it's possible to use TTL field to differentiate.
>Scenario: create some DNS record with good enough TTL of one hour. Ask A 
>about this record, get answer with TTL = 3600. Wait for ten seconds, then
>ask A' about the same record. If received TTL is about 3590 - it's really
>likely that A and A' are the same host.

Thank you!  Yes.  This, and checking the SSH key, seem to both be very
promising solutions to the problem.

I will be investigating and trying both, to try to establish how well
they might work in practice.

It will be great if both work, because some bad actors will be running
SSH (on a known or findable port) and others won't be.  And likewise,
some bad actors will be running their own name servers and others won't
be.  So it will be Good to have several tools in the toolbox.
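
Added example, not part of the original message: a Python sketch of the TTL comparison described in the quoted text, working on already-collected answers in `dig +noall +answer` line format. The record name, the addresses (documentation ranges), the 2-second slack and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    resolver: str     # address the query was sent to
    asked_at: float   # observer's clock, in seconds, when the answer arrived
    ttl: int          # TTL carried in the answer

def parse_ttl(answer_line: str) -> int:
    """TTL from one 'name TTL class type rdata' answer line."""
    fields = answer_line.split()
    if len(fields) < 5 or not fields[1].isdigit():
        raise ValueError(f"not an answer line: {answer_line!r}")
    return int(fields[1])

def verdict(first: Observation, second: Observation,
            zone_ttl: int, slack: int = 2) -> str:
    """Compare the TTL seen at the second address with the first one's countdown."""
    elapsed = second.asked_at - first.asked_at
    if elapsed <= 2 * slack:
        # Too little time passed: a fresh fetch and a countdown look alike.
        return "inconclusive"
    if abs(second.ttl - (first.ttl - elapsed)) <= slack:
        # Second answer continues the first one's countdown. This shows a
        # shared cache, which can also be a common upstream forwarder.
        return "same-cache"
    if second.ttl >= zone_ttl - slack:
        # Second address fetched the record fresh from the authoritative zone.
        return "different-cache"
    # Record was cached earlier by someone else, or the TTL was clamped.
    return "inconclusive"

# Constructed sample answers for a one-hour record, asked ten seconds apart.
ZONE_TTL = 3600
LINE_A = "probe-1.example.net. 3600 IN A 192.0.2.10"
LINE_A_PRIME = "probe-1.example.net. 3590 IN A 192.0.2.10"

def sample_verdict() -> str:
    a = Observation("198.51.100.7", 0.0, parse_ttl(LINE_A))
    a_prime = Observation("203.0.113.9", 10.0, parse_ttl(LINE_A_PRIME))
    return verdict(a, a_prime, ZONE_TTL)

if __name__ == "__main__":
    print(sample_verdict())
```

Using a record name that has never been queried before keeps the first answer at the full zone TTL, which is what makes the countdown unambiguous.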


