tcpdump does TCP sessionization, yeah. But we're talking about ISPs extracting the hostnames in bulk for all their customers' traffic live, right? Maybe you're talking about something else, but I figured, based on the article we're having this conversation about, the attacker in these scenarios is an ISP, which only cares about doing these things at scale. You can't put tcpdump in front of a 100Gbps switch and do sessionization live.
> Assume DNS is not used and there is no reverse DNS information available that gives the specific domain name requested by the user.
If it's a hostname it has to correspond to a valid domain name, right? You can always use a third party or roll your own reverse DNS entry, as I described in my other answer. As long as the domain name actually has a DNS A record, we can get it.