traceroute  Date: 2021-05-17
A curious case of broken DNS responses
Babak Farrokhi
RIPE 75

About me
- Unix SA (FreeBSD, Solaris, Linux) since 1996
- IP networking since 1997
- FreeBSD Ports Team since 2004
- Enthusiastic coder
- @farrokhi

Prologue
- When it comes to networks, I always have trust issues
- Most people ignore those strange network behaviors
- Only a few people take the red pill and go down the rabbit hole...

Observation
- Outgoing SMTP fails due to MX lookup failures, only for certain domains (e.g. twitter.com)
- Local resolver returns an "incorrect" response
- Public resolver (e.g. Google) also returned an incorrect response
- I needed to look deeper into this

Down the rabbit hole...

Strange responses from public resolvers
This is not what I expected to get from a public resolver:

% dig +short -t A twitter.com @8.8.8.8
10.10.34.34
% dig +short -t A ripe.net @8.8.8.8
193.0.6.139
% dig -t MX twitter.com @8.8.8.8
;; Got bad packet: bad label type
45 bytes
40 10 81 80 00 01 00 01 00 00 00 00 07 74 77 69          @...........twi
74 74 65 72 03 63 6f 6d 00 00 0c 00 01 c0 0c 00          tter.com........
0c 00 01 00 00 03 79 00 03 41 41 41 00                   ......y..AAA.

Need to take a closer look
Not obvious at first glance, but the time delta is strange...

% tcpdump -ttt -c 2 -nqr ripe.pcap
reading from PCAP-NG file ripe.pcap
00:00:00.000000 IP 192.168.0.132.53425 > 8.8.8.8.53: UDP, length 27
00:00:00.138933 IP 8.8.8.8.53 > 192.168.0.132.53425: UDP, length 75
% tcpdump -ttt -c 2 -nqr twitter.pcap
reading from PCAP-NG file twitter.pcap
00:00:00.000000 IP 192.168.0.132.58418 > 8.8.8.8.53: UDP, length 29
00:00:00.028077 IP 8.8.8.8.53 > 192.168.0.132.58418: UDP, length 45

dnsping: a new tool is born
- Started as a humble Python script to solve my own problem
- Not intended to re-invent the wheel
- Similar user experience to the legacy PING

% ./dnsping.py -s 8.8.8.8 -c 3 ripe.net
dnsping.py DNS: 8.8.8.8:53, hostname: ripe.net, rdatatype: A
32 bytes from 8.8.8.8: seq=0 time=200.371 ms
32 bytes from 8.8.8.8: seq=1 time=217.320 ms
32 bytes from 8.8.8.8: seq=2 time=236.644 ms

--- 8.8.8.8 dnsping statistics ---
3 requests transmitted, 3 responses received, 0% lost
min=200.371 ms, avg=218.112 ms, max=236.644 ms, stddev=18.149 ms
149msICMPvsDNSResponseTimes%ping-q-c108.
8.
8.
8PING8.
8.
8.
8(8.
8.
8.
8):56databytes---8.
8.
8.
8pingstatistics---10packetstransmitted,10packetsreceived,0.
0%packetlossround-tripmin/avg/max/stddev=124.
237/155.
044/227.
499/31.
464ms%.
/dnsping.
py-q-s8.
8.
8.
8-c3twitter.
comdnsping.
pyDNS:8.
8.
8.
8:53,hostname:twitter.
com,rdatatype:A---8.
8.
8.
8dnspingstatistics---3requeststransmitted,3responsesreceived,0%lostmin=12.
934ms,avg=21.
355ms,max=29.
425ms,stddev=8.
251msFirstanomalyDifferentdomainnamesbeingtreateddifferentlyAroguenameserverimpersonatingasGoogleResolverTheroguenameserverisclosetome(givenresponsetimes)WhereisitAndhowcanIfindoutdnstraceroute:TraceroutetoolforDNSprotocolSimilartolegacytraceroute,butforDNSprotocolSendoutactualDNSqueriesandexpectaresponseUsingTTLtricktomapthejourneyCouldnotuselegacytraceroutewithUDPprobesThetrafficredirectionisbasedonDNS"payload"RealvsRogueDNSServers%.
/dnstraceroute.
py-s8.
8.
8.
8ripe.
netdnstraceroute.
pyDNS:8.
8.
8.
8:53,hostname:ripe.
net,rdatatype:A1192.
168.
0.
1(192.
168.
0.
1)3.
912ms2*3192.
168.
10.
105(192.
168.
10.
105)15.
792ms4172.
17.
2.
1(172.
17.
2.
1)17.
063ms5172.
17.
2.
9(172.
17.
2.
9)11.
245ms6172.
19.
18.
5(172.
19.
18.
5)24.
862ms7172.
19.
17.
2(172.
19.
17.
2)18.
972ms810.
201.
177.
41(10.
201.
177.
41)13.
261ms910.
10.
53.
190(10.
10.
53.
190)14.
240ms10185.
100.
209.
117(185.
100.
209.
117)176.
592ms11*12de-cix.
fra.
google.
com(80.
81.
192.
108)152.
757ms13108.
170.
251.
193(108.
170.
251.
193)90.
347ms14google-public-dns-a.
google.
com(8.
8.
8.
8)185.
401ms%.
/dnstraceroute.
py-s8.
8.
8.
8twitter.
comdnstraceroute.
pyDNS:8.
8.
8.
8:53,hostname:twitter.
com,rdatatype:A1192.
168.
0.
1(192.
168.
0.
1)3.
160ms2*3192.
168.
10.
105(192.
168.
10.
105)5.
985ms4172.
17.
2.
1(172.
17.
2.
1)8.
535ms5172.
17.
2.
9(172.
17.
2.
9)20.
617ms6172.
19.
18.
5(172.
19.
18.
5)7.
823ms7*8*9google-public-dns-a.
google.
com(8.
8.
8.
8)19.
557msBacktothecaseofbrokenMXRoguenameserveralsoreturns"broken"responsesOnlytocertaintypeofqueries(e.
g.
MX)%dig-tMXtwitter.
com@8.
8.
8.
8;;Gotbadpacket:badlabeltype45bytes40108180000100010000000007747769twi7474657203636f6d00000c0001c00c00tter.
com.
.
.
.
.
.
.
.
0c000100000379000341414100.
.
.
.
.
.
y.
.
AAA.
Lookingatpacketsagain.
.
.
ResponsetoMXrequestismalformedServerrespondedwithPTRresponseRDLENGTHis3butRDATAfieldcontains4bytesAdditionalbytewasalwaysNULLSeemslikeabugincodeQueriedtop10,000domainnames[1],received139brokenresponses[2]UncoveringtherougeresolveraddressQueryTXTrecordfrommaxmind.
test-ipv6.
comIttellsyouthepublicaddressofyourresolverTheaddressshouldbelongtoGoogle(AS15169)AnythingelsemeansMITMUsingRIPEAtlastoseeifthisisaregularpractice%dig+short-tTXTmaxmind.
test-ipv6.
com@8.
8.
4.
4"ip='74.
125.
74.
14'as='15169'isp='Google'country='FI'"IsitjustmeLet'saskRIPEAtlas500Probesworldwide-484Replied(DNS/UDP/IPv4)475Good(Req.
fromGoogleaddressspace)~98%9Bad(Req.
fromnon-Googleaddressspace)~2%Same500probes-484Replied(DNS/TCP/IPv4)479Good~99%5Bad~1%ThelogicbehindDNStrafficredirectionWhatisthemotivationTherearemainlytworeasons:1.
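The two checks above, "Looking at packets again" and "Uncovering the rogue resolver address", both come down to walking a DNS response on the wire, so here is one added example that does both (written for this page; it is not the slides' code nor dnsdiag). It parses the 45-byte packet dig dumped above and reports every point where it does not add up: the question type (PTR, although MX was asked), the RDATA byte 0x41 whose top bits make it a reserved label type (exactly the condition behind dig's "bad label type"), and the NULL byte left over after the record that RDLENGTH says is 3 bytes long. The same walker decodes a TXT answer, and a small helper applies the maxmind.test-ipv6.com test by comparing the reported AS with 15169. The TXT response is constructed here from the string on the slide; the function names and the anomaly wording are this example's own.

```python
"""Walk a DNS response on the wire and report anything that does not add up.

Added example, not from the slides or dnsdiag. BROKEN_MX_RESPONSE is the 45-byte packet
dig dumped above; the TXT sample is constructed here from the maxmind.test-ipv6.com string.
"""
import re
import struct

TYPE_NAMES = {1: "A", 12: "PTR", 15: "MX", 16: "TXT"}

# The hexdump dig printed for `dig -t MX twitter.com @8.8.8.8` (from the slides).
BROKEN_MX_RESPONSE = bytes.fromhex(
    "40108180000100010000000007747769"
    "7474657203636f6d00000c0001c00c00"
    "0c000100000379000341414100"
)


def read_name(data, offset, _depth=0):
    """Decode a possibly compressed name; return (name, offset after it). A length byte
    with top bits 01 or 10 is a reserved label type: what dig calls 'bad label type'."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of packet")
        length = data[offset]
        if length == 0:
            return ".".join(labels) + ".", offset + 1
        kind = length & 0xC0
        if kind == 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            if _depth > 10:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            target, _ = read_name(data, ptr, _depth + 1)
            prefix = ".".join(labels)
            return (prefix + "." + target if prefix else target), offset + 2
        if kind != 0:
            raise ValueError(f"bad label type 0x{length:02x} at offset {offset}")
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += 1 + length


def decode_rdata(rtype, data, start, rdlength):
    """Decode the record types this example knows; anything else comes back as hex."""
    rdata = data[start:start + rdlength]
    if rtype == 1 and rdlength == 4:
        return ".".join(str(b) for b in rdata)
    if rtype == 12:
        name, end = read_name(data, start)
        if end != start + rdlength:
            raise ValueError(f"PTR name ends at {end} but RDLENGTH ends at {start + rdlength}")
        return name
    if rtype == 15:
        (pref,) = struct.unpack("!H", rdata[:2])
        return f"{pref} {read_name(data, start + 2)[0]}"
    if rtype == 16:
        strings, pos = [], 0
        while pos < rdlength:  # TXT RDATA is a sequence of <length><characters>
            n = rdata[pos]
            strings.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
        return strings
    return rdata.hex()


def parse_response(data, expected_qtype=None):
    """Return header fields, questions, records and the anomalies found while walking."""
    anomalies = []
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = read_name(data, off)
        qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name, qtype))
        if expected_qtype is not None and qtype != expected_qtype:
            anomalies.append(f"question type is {TYPE_NAMES.get(qtype, qtype)}, "
                             f"we asked for {TYPE_NAMES.get(expected_qtype, expected_qtype)}")
    for _ in range(an + ns + ar):
        name, off = read_name(data, off)
        if off + 10 > len(data):
            anomalies.append("record header truncated")
            break
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if off + rdlength > len(data):
            anomalies.append(f"RDLENGTH {rdlength} runs past end of packet")
            break
        try:
            value = decode_rdata(rtype, data, off, rdlength)
        except ValueError as exc:
            value = data[off:off + rdlength].hex()
            anomalies.append(f"{TYPE_NAMES.get(rtype, rtype)} RDATA undecodable: {exc}")
        records.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype),
                        "ttl": ttl, "rdlength": rdlength, "value": value})
        off += rdlength
    if off < len(data):  # the slide's "RDLENGTH is 3 but RDATA contains 4 bytes"
        anomalies.append(f"{len(data) - off} trailing byte(s) after last record: {data[off:].hex()}")
    return {"id": qid, "rcode": flags & 0xF, "questions": questions,
            "records": records, "anomalies": anomalies}


def resolver_identity(report, expected_as="15169"):
    """The maxmind.test-ipv6.com check: parse k='v' pairs from the TXT answer, compare the AS."""
    for rec in report["records"]:
        if rec["type"] == "TXT":
            fields = dict(re.findall(r"(\w+)='([^']*)'", " ".join(rec["value"])))
            return {"fields": fields, "google": fields.get("as") == expected_as}
    return None


def constructed_txt_response():
    """Constructed sample: a well-formed TXT answer carrying the string shown on the slide."""
    txt = b"ip='74.125.74.14' as='15169' isp='Google' country='FI'"
    qname = b"\x07maxmind\x09test-ipv6\x03com\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    rdata = bytes([len(txt)]) + txt
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 16, 1) + answer
```

Running `parse_response(BROKEN_MX_RESPONSE, expected_qtype=15)` yields three anomalies: the PTR-for-MX question, the undecodable RDATA at offset 41, and one trailing 0x00 byte after the last record. The TTL of 889 seconds and RDLENGTH of 3 decode cleanly, which is why the defect only shows once the whole packet is accounted for against its declared lengths. A tool applying the resolver check would compare `resolver_identity(...)["google"]` across UDP and TCP transports, which is what the RIPE Atlas measurement above does at scale.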
The logic behind DNS traffic redirection
What is the motivation? There are mainly two reasons:
1. Privacy protection (the good)
   - Prevent requests that carry your end-point IP address as their source address from going out
   - Filter out malware looking for its C&C
2. DNS-based service redirection (the evil)
   - Restrict your access
   - Redirect your traffic

Countermeasures
- Force the local resolver to use TCP
- DNSCrypt (dnscrypt.org): OpenDNS supports it, desktop clients are available
- DNS over TLS/DTLS (RFC 7858 and RFC 8094): the DNS Privacy Project (dnsprivacy.org) offers tutorials, tools, recommendations and test servers
- DNSSEC: of the top 100 domain names only 2 are signed [3]. What if the rogue name server does not validate DNSSEC?

Final words
- Don't trust a public DNS resolver, use your own. There ain't no such thing as a free lunch (TANSTAAFL). Stub resolvers are easy to set up and use (e.g. Stubby)
- Don't trust your upstream, encrypt as much as possible
- DNS contains important information. As per RFC 7258: "Pervasive Monitoring Is an Attack"

Tools of the trade
- dnsping, dnstraceroute and dnseval are part of the "dnsdiag toolkit" on GitHub [4]
- Looking for feedback and ideas from the community
- Combining with other tools (e.g. RIPE Atlas) to perform more complex behavior analysis
- Suggestion: dnstraceroute in RIPE Atlas probes

Questions?

Resources
[1] https://github.com/opendns/public-domain-lists
[2] https://gist.github.com/farrokhi/0b56ae06813391be9164
[3] https://gist.github.com/farrokhi/1d9de9df5877aaf9c42fc14412a4b0f8
[4] https://github.com/farrokhi/dnsdiag
Also my articles on RIPE Labs discussing the same issue: https://labs.ripe.net/Members/babak_farrokhi