Date: Wed, 21 Mar 2018 16:47:27 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: freebsd-net@freebsd.org Subject: Same host or different? How can you tell "over the wire"? Message-ID: <5755.1521676047@segfault.tristatelogic.com>
next in thread | raw e-mail | index | archive | help
"Kurt Buff" <kurt.buff@gmail.com > wrote: >Do you mean that the application banners for all applications are the >same? A comprehensive scan with nmap shows no differences? Correct. This is the case I was/am asking about. >I know you specified SSH as outside of the application layer, but I >would think if it's even to the point that the same SSH key (or >credentials) work for both machines, and upon login provide the same >hostname in the prompt In case it was not clear, none of the IPv4 addresses that are of interest, or that are relevant to my question, are ones for which *I* posses any type of SSH login credentials. But your question certainly raises an interesting possibility, and an interesting question... one that I myself am not at all equiped or qualified to answer (because I am almost totally ignorant about even the bare mechanics of the SSH protocol): How could one tickle an open SSH port and obtain from it not just its greeting banner (which may be, and often is, rather generic and non-specific) but also so as to get the host's host-specific public key? (Yes, I am indeed displaying an unforgivable level of laziness here. I can and most probably should, and most probably eventually -will- just go off now and read the relevant RFCs, but if anyone wants to save me the trouble, just for this one question, that would be appreciated.) >you'd have to dig and see if the NIC configs >show a difference, or perhaps that there are multiple NICs, or a >single NIC aliased with the IP addresses you're reviewing. Yes. This is yet a different way that the problem might be attacked. I am most interested in that last possibility you mentioned, and specifically I am interested in differentiating that case from all other possible cases. But I am far too ignorant of the relevant protocols to be able to work out a way to solve the problem this way, so if anyone might be willing to explain it to me, in detail, that also would be most appreciated.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5755.1521676047>