This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] Elimination of 2nd level ccTLD domain names

Previous message (by thread): [dns-wg] Elimination of 2nd level ccTLD domain names
Next message (by thread): [dns-wg] Re: Elimination of 2nd level ccTLD domain names

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Brad Knowles brad at stop.mail-abuse.org
Mon Oct 25 22:48:45 CEST 2004

At 9:39 PM +0100 2004-10-25, Jim Reid wrote:

>  Nope. Roy and Jakob's tool can already fingerprint Nominum's DNS
>  implementations. And just about anyone else's for that matter.

	I know about fpdns.pl.  I was using it before it was officially 
released.  Early discussions with Roy lead to the very gross 
fingerprinting methods I used in my DNS Comparison presentation that 
I gave at LISA 2002 and RIPE 44.

	None of that is to say that someone couldn't come along and make 
some modifications to the code that one of these programs runs, which 
would result in a different fingerprint being generated.  If they 
then called this program by a totally different name, it might not be 
easy to tell that it's just a relatively minor modification to an 
existing program already in the database.

>                                                                Besides,
>  I very much doubt if anyone would create a code fork and all the
>  aggravation flowing from that -- support overheads, regression
>  testing, documentation, software maintenance, etc -- just to confuse a
>  fingerprinting tool.

	It wouldn't necessarily take a big change in the code to result 
in a change to the fingerprint.  If a customer is large enough and 
pays enough money, who's to say that even large changes wouldn't be 
made to the code, if the customer requested them?

>                       And of course the tool could easily be updated to
>  take account of any obfuscation like that. Why would anyone choose to
>  enter that zero-sum game?

	Sure, but you have to know that there is obfuscation before you 
can try to compensate for it.  So long as word never got out, people 
would not necessarily be likely to figure out what's going on.

>  You'll be much better off to trust this fingerprinting tool than
>  depend on my memory. :-)

	The tool is very robust and encodes a great deal of very useful 
information, but I think you do not give yourself enough credit.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

Previous message (by thread): [dns-wg] Elimination of 2nd level ccTLD domain names
Next message (by thread): [dns-wg] Re: Elimination of 2nd level ccTLD domain names

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]