[dns-operations] Fingerprinting stub resolvers
Matthew Pounsett
matt at conundrum.com
Mon Jan 7 18:49:26 UTC 2013
On 2013/01/07, at 06:32, graeme at graemef.net wrote:
> On 04.01.2013 16:05, Matthew Pounsett wrote:
>> A friend of mine at an ISP asked me recently whether I had any
>> suggestions for fingerprinting stub resolvers. They've got pcaps from
>> the downstream side of their caching servers and are looking at trying
>> to pull more interesting statistics than query counts out of them. I
>> didn't have any good suggestions, but it seems like an interesting
>> question to ask of one's name server. Has anyone else tackled this
>> before? Do tools exist?
>
> p0f would be a good one to start with.
>
> Although it might not be 100% accurate, running those pcaps through p0f would give a starting point as it already has some of the techniques included that were mentione din other responses to your question.
That looks like a fantastic starting point. Thanks, Graeme... I'll pass that on.
More information about the dns-operations
mailing list