RDNS of legitimate names can be a tracking hostname #15

New Issue

Open

opened 2020-01-07 13:14:07 +00:00 by geoffrey · 0 comments

geoffrey commented 2020-01-07 13:14:07 +00:00

Owner

Copy Link

Example: www.mitsubishicars.com

$ dig +short www.mitsubishicars.com
168.75.242.199
$ dig +short -x 168.75.242.199
report.mitsubishicars.com.
$ dig +short report.mitsubishicars.com
mitsubishicars.com.d1.sc.omtrdc.net.
52.49.100.189
108.128.130.224
52.31.190.58

Which results in the rule:

www.mitsubishicars.com 4F_2 ← 168.75.242.199/32 3FD19 ← report.mitsubishicars.com 2F_1 ← *.omtrdc.net 1F_7904 ← (first-party rule) 0F_28

Maybe we can find a way to not include those false-positives.

We can skip RDNS data altogether, which only removes <<4090 hostnames (<<745 in -only). I say << because of #14 and the fact it has not rerun yet. If the real numbers are significantly low, this might be not worth it.

Example: `www.mitsubishicars.com` ```shell $ dig +short www.mitsubishicars.com 168.75.242.199 $ dig +short -x 168.75.242.199 report.mitsubishicars.com. $ dig +short report.mitsubishicars.com mitsubishicars.com.d1.sc.omtrdc.net. 52.49.100.189 108.128.130.224 52.31.190.58 ``` Which results in the rule: ``` www.mitsubishicars.com 4F_2 ← 168.75.242.199/32 3FD19 ← report.mitsubishicars.com 2F_1 ← *.omtrdc.net 1F_7904 ← (first-party rule) 0F_28 ``` Maybe we can find a way to not include those false-positives. We can skip RDNS data altogether, which only removes <<4090 hostnames (<<745 in -only). I say << because of #14 and the fact it has not rerun yet. If the real numbers are significantly low, this might be not worth it.

geoffrey added the

false-negative

false-positive

labels 2020-01-07 13:14:07 +00:00

geoffrey referenced this issue from a commit 2020-01-07 13:18:12 +00:00

Disabled RDNS import due to #15

geoffrey referenced this issue 2020-01-07 13:32:45 +00:00

Handle source looped recursion #16

geoffrey added a new dependency 2020-01-07 13:33:01 +00:00

#14 Priority can be wrong

geoffrey added a new dependency 2020-01-07 13:33:31 +00:00

#16 Handle source looped recursion

geoffrey referenced this issue 2020-01-07 13:33:31 +00:00

Handle source looped recursion #16

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

newworkflow

newworkflow_packbefore

newworkflow_threaded

newworkflow_parseropti

v3.0.0

v2.3

v2.1

v2.1-beta

v2.0-beta

v1.5

v1.4

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

false-negative

The list isn't blocking a domain when it should

  

false-positive

The list is blocking a domain when it should not

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No Label

bug

duplicate

enhancement

false-negative

false-positive

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Blocks

#16 Handle source looped recursion

geoffrey/eulaurarien

Depends on

#14 Priority can be wrong

geoffrey/eulaurarien

Reference: geoffrey/eulaurarien#15

No description provided.