On Nov 16, 2013, at 19:30 , Michael Collins <mcoll...@aleae.com> wrote:
> It's Yet Another False Positive in anomaly detection and traffic analysis
> software that I fiddle with. In the case of CDNs, I mostly want to throw
> them out the window -- whenever I see one, I know that the reverse lookup
> information is going to be useless and it's time to toss that address out of
> the bucket and look at the next weird one on the list.

Not sure why in-addr on CDN would be any different than .. well, anything.

Perhaps I do not understand your use case well enough?

--
TTFN,
patrick

> On Nov 16, 2013, at 5:28 PM, Patrick W. Gilmore <patr...@ianai.net> wrote:
>
>> First, the location of CDN nodes is not relevant to passive DNS monitoring.
>> If Andrew would like a list of domains with CDN hostnames in them, that
>> might be findable.
>>
>> Second, a list of CDN nodes is likely impossible to gather & maintain
>> without the help of the CDNs themselves. There are literally thousands of
>> them, most do not serve the entire Internet, and they change frequently. And
>> before you ask, I know at least Akamai will _not_ give you their list, so
>> don't even try to ask them.
>>
>> Sorry this makes your life more difficult. Perhaps if you explained why you
>> were doing address lookups, the collective body could help you come up with
>> a better solution?
>>
>> --
>> TTFN,
>> patrick
>>
>>
>> On Nov 15, 2013, at 10:06 , Michael Collins, Aleae <mcoll...@aleae.com> wrote:
>>
>>> I'll second that; CDNs are a constant pain for me when I'm doing address
>>> lookups. A list of them would make life a lot easier for a bunch of
>>> different investigative processes.
>>>
>>> If there isn't one right now, I think I could get off my tuchas and
>>> start maintaining one if anyone's interested in pitching in.
>>>
>>>
>>> On 11/14/13 5:19 PM, Andrew Fried wrote:
>>>> Actually, a list of CDNs would be very handy. I harvest botnets and
>>>> fast flux hosts out of passive dns, and some of the heuristics used to
>>>> identify them are similar to what CDNs look like.
>>>>
>>>> Having a decent list of CDN effective top level domains alone would be
>>>> useful for redacting those hosts.
>>>>
>>>> Andy
>>>>
>>>>
>>>> Andrew Fried
>>>> andrew.fr...@gmail.com
>>>>
>>>> On 11/14/13, 5:11 PM, Patrick W. Gilmore wrote:
>>>>> List of CDNs would be difficult, but not impossible. Although they do
>>>>> different things, so a simple list is unlikely to be as useful as it
>>>>> looks.
>>>>>
>>>>> A list of CDN "DC nodes" is not possible. Why do you care about such a
>>>>> thing anyway?