About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] Elimination of 2nd level ccTLD domain names

  • To: RIPE DNS Working Group Mailing List < >
  • From: Brad Knowles < >
  • Date: Mon, 25 Oct 2004 22:48:45 +0200
At 9:39 PM +0100 2004-10-25, Jim Reid wrote:


 Nope. Roy and Jakob's tool can already fingerprint Nominum's DNS
 implementations. And just about anyone else's for that matter.
I know about fpdns.pl. I was using it before it was officially released. Early discussions with Roy lead to the very gross fingerprinting methods I used in my DNS Comparison presentation that I gave at LISA 2002 and RIPE 44.

None of that is to say that someone couldn't come along and make some modifications to the code that one of these programs runs, which would result in a different fingerprint being generated. If they then called this program by a totally different name, it might not be easy to tell that it's just a relatively minor modification to an existing program already in the database.

                                                               Besides,
 I very much doubt if anyone would create a code fork and all the
 aggravation flowing from that -- support overheads, regression
 testing, documentation, software maintenance, etc -- just to confuse a
 fingerprinting tool.
It wouldn't necessarily take a big change in the code to result in a change to the fingerprint. If a customer is large enough and pays enough money, who's to say that even large changes wouldn't be made to the code, if the customer requested them?

                      And of course the tool could easily be updated to
 take account of any obfuscation like that. Why would anyone choose to
 enter that zero-sum game?
Sure, but you have to know that there is obfuscation before you can try to compensate for it. So long as word never got out, people would not necessarily be likely to figure out what's going on.

 You'll be much better off to trust this fingerprinting tool than
 depend on my memory. :-)
The tool is very robust and encodes a great deal of very useful information, but I think you do not give yourself enough credit.

--
Brad Knowles, brad@localhost

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755

SAGE member since 1995. See <http://www.sage.org/> for more info.


<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community