[atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] New on RIPE Labs: Celebrating 10, 000 Active RIPE Atlas Probes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Baptiste Jonglez
baptiste.jonglez at imag.fr
Fri Sep 29 16:53:25 CEST 2017
On Fri, Sep 29, 2017 at 04:42:37PM +0200, Andrea Barberio wrote: > Have you also looked at this project from the last RIPE DNS hackaton? https://recdnsfp.github.io/ > > Follow-up at https://www.ietf.org/proceedings/99/slides/slides-99-maprg-fingerprint-based-detection-of-dns-hijacks-using-ripe-atlas-01.pdf Yes, I had a look thanks to Vesna: it's interesting but too elaborate for my needs! The goal here is just to filter out "misbehaving" probes, and Giovane's method is simple and effective for this. Thanks, Baptiste > ----- Original Message ----- > From: "Baptiste Jonglez" <baptiste.jonglez at imag.fr> > To: ripe-atlas at ripe.net > Sent: Friday, September 29, 2017 1:56:12 PM > Subject: [atlas] List of Atlas probes subjected to DNS traffic interception (MITM) > > Hi, > > I am looking for a list of Atlas probes that suffer from DNS traffic > interception, to exclude them from my measurements. What I mean by > "traffic interception" is that DNS queries from the probe to a third-party > DNS server do not reach the server, but are intercepted and answered by a > middle-box instead. > > I started building this list myself, but it's a long and potentially > error-prone process. > > It seems that the "DNS Root Instances" map could be used for that purpose, > because DNS traffic interception shows up as if the probe was contacting > an "Unknown" root instance. To get the list of probes, I ended up using > an URL like the following, showing probes for all possible "unknown" root > instance hostnames: > > https://atlas.ripe.net/results/maps/root-instances/?server=1&question=10300&af=4&filter=&show_only=dns1.com2com.ru%2Cnl1.dnscrypt.eu ... > > However, there seems to be a limit on the size of the URL so I cannot get > all probes, and they are just displayed on the map without any obvious way > to get the raw list of probes instead. > > Is there a way to get the raw list of probes from this map? Or has > anybody already done this classification work independently? I also > looked for DNS-related tags on probes, but could not find anything useful. > > Thanks, > Baptiste -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/ripe-atlas/attachments/20170929/27198665/attachment.sig>
- Previous message (by thread): [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
- Next message (by thread): [atlas] New on RIPE Labs: Celebrating 10, 000 Active RIPE Atlas Probes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]