On Fri, Sep 29, 2017 at 04:42:37PM +0200, Andrea Barberio wrote:
Have you also looked at this project from the last RIPE DNS hackathon? https://recdnsfp.github.io/
Follow-up at https://www.ietf.org/proceedings/99/slides/slides-99-maprg-fingerprint-based...
Yes, I had a look thanks to Vesna: it's interesting but too elaborate for my needs! The goal here is just to filter out "misbehaving" probes, and Giovane's method is simple and effective for this.

Thanks,
Baptiste

----- Original Message -----
From: "Baptiste Jonglez" <baptiste.jonglez@imag.fr>
To: ripe-atlas@ripe.net
Sent: Friday, September 29, 2017 1:56:12 PM
Subject: [atlas] List of Atlas probes subjected to DNS traffic interception (MITM)
Hi,
I am looking for a list of Atlas probes that suffer from DNS traffic interception, to exclude them from my measurements. What I mean by "traffic interception" is that DNS queries from the probe to a third-party DNS server do not reach the server, but are intercepted and answered by a middle-box instead.
I started building this list myself, but it's a long and potentially error-prone process.
It seems that the "DNS Root Instances" map could be used for that purpose, because DNS traffic interception shows up as if the probe was contacting an "Unknown" root instance. To get the list of probes, I ended up using a URL like the following, showing probes for all possible "unknown" root instance hostnames:
However, there seems to be a limit on the size of the URL so I cannot get all probes, and they are just displayed on the map without any obvious way to get the raw list of probes instead.
Is there a way to get the raw list of probes from this map? Or has anybody already done this classification work independently? I also looked for DNS-related tags on probes, but could not find anything useful.
Thanks,
Baptiste
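
The "unknown root instance" heuristic from this thread can be applied to raw per-probe results instead of the map. The sketch below is an added example, not code from the thread or from RIPE Atlas. It assumes the instance identity is the string each probe gets back from an identity query (such as CHAOS TXT `hostname.bind`) sent to a root server; the naming patterns, the record layout and the sample data are constructed for illustration and must be checked against the real instance names before use.

```python
import re
from collections import defaultdict

# Assumed naming patterns for genuine root instances (illustrative only).
EXPECTED = {
    "k": re.compile(r"^ns\d+\.[a-z]{2}-[a-z]{3}\.k\.ripe\.net$"),
    "l": re.compile(r"^[a-z0-9.-]+\.l\.root$"),
}

# Constructed sample: (probe_id, root_letter, identity answer or None on timeout)
SAMPLE = [
    (1001, "k", "ns1.nl-ams.k.ripe.net"),
    (1001, "l", "aa.nl-ams.l.root"),
    (1002, "k", "dnscache01.isp.example"),   # same non-root name for both roots
    (1002, "l", "dnscache01.isp.example"),
    (1003, "k", None),                       # timeout: no evidence either way
    (1003, "l", "aa.fr-par.l.root"),
    (1004, "k", "ns2.de-fra.k.ripe.net"),
    (1004, "l", "unbound-edge"),             # only one path is intercepted
]

def classify(results, expected=EXPECTED):
    """Return {probe_id: 'clean' | 'intercepted' | 'unknown'}."""
    by_probe = defaultdict(list)
    for probe_id, root, answer in results:
        by_probe[probe_id].append((root, answer))
    verdicts = {}
    for probe_id, rows in by_probe.items():
        answered = [(r, a.strip().lower()) for r, a in rows if a]
        # An answer that does not look like an instance of the queried root
        # means something other than that root replied.
        mismatched = [r for r, a in answered if not expected[r].match(a)]
        if mismatched:
            verdicts[probe_id] = "intercepted"
        elif len(answered) < len(rows):
            verdicts[probe_id] = "unknown"   # a timeout is not proof of a clean path
        else:
            verdicts[probe_id] = "clean"
    return verdicts

def excluded_probes(results):
    """Probe IDs to leave out of a measurement: anything not verified clean."""
    return sorted(p for p, v in classify(results).items() if v != "clean")

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(excluded_probes(SAMPLE))
```

Probes with a timeout are kept separate from confirmed interception so they can be re-measured rather than silently counted as clean.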