[SSL Observatory] CDN services

Ralph Holz holz at net.in.tum.de
Tue Nov 8 06:31:45 PST 2011


Hi,

>> Did you check to which IP addresses these resolve, and store the IP
>> addresses? We did that for the last few of our scans, but I haven't
>> found the time yet to feed it into the DB.
> 
> I did not store the IPs, only checked IPs manually.

OK... I have a few datasets here that contain IP addresses for the Alexa
Top 1M as resolved from CN, BR etc. I haven't found the time yet to look
at them, but maybe they're useful. I don't think there are any
objections to releasing them.

> In your datasets (the difference sets) I've found some webhostings/eshops (e.g.
> wesped.com, alyasoft.net). One domain had improper (but not self-signed) certs
> that might be considered "high value" (centerstatebank.com), though now it seems
> to have a proper cert.

Yes, that seems about right. We didn't find any attack traces in the
difference sets; most likely these are temporary configuration issues.
Still, a few dozen eyes will spot more than one pair...

>> Does this mean you can scan 1.5M+ hostnames in less than 24h? You don't
>> conduct full SSL handshakes then, correct?
> 
> Correct. The scanner only waits for the TLS Handshake Record with certificates.
> Time taken by the scan depends a lot on the scanner location, one finishes
> consistently within 4-5 hours, the other between 11-13 hours (in 100 threads).

Will you release the code? I have been thinking about replacing our
openssl-based scanner with something quicker, at least for some use cases.

>> Which DB back-end do you use? If it's postgres, I'd be happy to feed it
>> into our DB, too, and see what we have.
> 
> It's postgres.

Oh, excellent. Do you provide .custom format, too?

Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
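
The quoted reply above says the scanner only waits for the TLS handshake record carrying the certificates. The following is an added example, not part of the original message and not the scanner's code, showing how a client can pull the certificate list out of the server's bytes and stop there. It assumes the TLS 1.0-1.2 message layout; the function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, CERTIFICATE = 22, 11  # record content type; handshake message type

def u24(buf, off=0):
    return int.from_bytes(buf[off:off + 3], "big")

def parse_cert_list(body):
    """Split a Certificate message body (TLS 1.0-1.2 layout) into its entries."""
    if len(body) < 3 or u24(body) != len(body) - 3:
        raise ValueError("bad certificate_list length")
    certs, off = [], 3
    while off < len(body):
        n = u24(body, off)
        if off + 3 + n > len(body):
            raise ValueError("certificate entry overruns message")
        certs.append(bytes(body[off + 3:off + 3 + n]))
        off += 3 + n
    return certs

def extract_certificates(stream):
    """Certificates from the first Certificate message, or None if incomplete."""
    handshake, pos, off, foreign = bytearray(), 0, 0, False
    # Reassemble first: a message may span records, a record may hold several.
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype != HANDSHAKE or pos + 5 + length > len(stream):
            foreign = ctype != HANDSHAKE  # alert etc. (True) or partial record
            break
        handshake += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    while off + 4 <= len(handshake):
        mtype, mlen = handshake[off], u24(handshake, off + 1)
        if off + 4 + mlen > len(handshake):
            break  # message continues in a record not yet received
        if mtype == CERTIFICATE:
            return parse_cert_list(handshake[off + 4:off + 4 + mlen])
        off += 4 + mlen
    if foreign:
        raise ValueError("non-handshake record before any Certificate message")
    return None  # caller reads more bytes and retries

def sample_stream():
    """Constructed input: ServerHello + Certificate, split across two records."""
    msg = lambda t, b: bytes([t]) + len(b).to_bytes(3, "big") + b
    certs = (b"constructed-leaf", b"constructed-intermediate")  # stand-ins, not DER
    clist = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    hs = msg(2, bytes(38)) + msg(CERTIFICATE, len(clist).to_bytes(3, "big") + clist)
    return b"".join(struct.pack("!BHH", HANDSHAKE, 0x0301, len(p)) + p
                    for p in (hs[:60], hs[60:]))
```

A scanner built this way can close the connection as soon as `extract_certificates` returns a list, without completing the key exchange.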
