[dns-operations] Fingerprinting stub resolvers
graeme at graemef.net
graeme at graemef.net
Mon Jan 7 11:32:27 UTC 2013
On 04.01.2013 16:05, Matthew Pounsett wrote:
> A friend of mine at an ISP asked me recently whether I had any
> suggestions for fingerprinting stub resolvers. They've got pcaps
> from
> the downstream side of their caching servers and are looking at
> trying
> to pull more interesting statistics than query counts out of them. I
> didn't have any good suggestions, but it seems like an interesting
> question to ask of one's name server. Has anyone else tackled this
> before? Do tools exist?
p0f would be a good one to start with.
Although it might not be 100% accurate, running those pcaps through p0f
would give a starting point as it already has some of the techniques
included that were mentione din other responses to your question.
http://lcamtuf.coredump.cx/p0f3/
Graeme
More information about the dns-operations
mailing list