From: "Ronald F. Guilmette"
To: freebsd-net@freebsd.org
Subject: Same host or different? How can you tell "over the wire"?
Date: Wed, 21 Mar 2018 16:47:27 -0700
Message-ID: <5755.1521676047@segfault.tristatelogic.com>

"Kurt Buff" wrote:

>Do you mean that the application banners for all applications are the
>same? A comprehensive scan with nmap shows no differences?

Correct. This is the case I was/am asking about.

>I know you specified SSH as outside of the application layer, but I
>would think if it's even to the point that the same SSH key (or
>credentials) work for both machines, and upon login provide the same
>hostname in the prompt

In case it was not clear, none of the IPv4 addresses that are of interest, or that are relevant to my question, are ones for which *I* possess any type of SSH login credentials.

But your question certainly raises an interesting possibility, and an interesting question... one that I myself am not at all equipped or qualified to answer (because I am almost totally ignorant about even the bare mechanics of the SSH protocol):

How could one tickle an open SSH port and obtain from it not just its greeting banner (which may be, and often is, rather generic and non-specific) but also so as to get the host's host-specific public key?

(Yes, I am indeed displaying an unforgivable level of laziness here. I can and most probably should, and most probably eventually -will- just go off now and read the relevant RFCs, but if anyone wants to save me the trouble, just for this one question, that would be appreciated.)

>you'd have to dig and see if the NIC configs
>show a difference, or perhaps that there are multiple NICs, or a
>single NIC aliased with the IP addresses you're reviewing.

Yes. This is yet a different way that the problem might be attacked. I am most interested in that last possibility you mentioned, and specifically I am interested in differentiating that case from all other possible cases. But I am far too ignorant of the relevant protocols to be able to work out a way to solve the problem this way, so if anyone might be willing to explain it to me, in detail, that also would be most appreciated.
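
An added example, not part of the original message: OpenSSH's ssh-keyscan prints each host key it collects as an `address keytype base64-key` line, and the Python below groups addresses that present the same key. The addresses and key material are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def make_blob(key_type: bytes, material: bytes) -> str:
    """Constructed public-key blob: two length-prefixed strings, base64-encoded."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in (key_type, material))
    return base64.b64encode(raw).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_by_host_key(scan_output: str) -> dict:
    """Map (key type, fingerprint) -> sorted addresses that presented that key."""
    groups = defaultdict(set)
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank, comment, or malformed line
        host, key_type, blob = fields[:3]
        try:
            groups[(key_type, fingerprint(blob))].add(host)
        except ValueError:
            continue  # key field is not valid base64
    return {k: sorted(v) for k, v in groups.items()}


def shared_keys(scan_output: str) -> dict:
    """Keep only the keys seen on more than one address."""
    return {k: v for k, v in group_by_host_key(scan_output).items() if len(v) > 1}


# Constructed sample in ssh-keyscan's output format (documentation addresses).
KEY_A = make_blob(b"ssh-ed25519", bytes(range(32)))
KEY_B = make_blob(b"ssh-ed25519", bytes(range(32, 64)))
SAMPLE_SCAN = "\n".join([
    "# constructed sample, not real scan output",
    f"192.0.2.10 ssh-ed25519 {KEY_A}",
    f"192.0.2.11 ssh-ed25519 {KEY_A}",
    f"198.51.100.7 ssh-ed25519 {KEY_B}",
    "203.0.113.5 ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    for (ktype, fp), hosts in shared_keys(SAMPLE_SCAN).items():
        print(ktype, fp, "->", ", ".join(hosts))
```

A shared host key is consistent with one aliased host but also with cloned images or a deliberately copied key, and different keys do not rule out one machine running separate sshd instances.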