From owner-freebsd-net@freebsd.org Mon Mar 26 20:54:54 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC944F6B09F for ; Mon, 26 Mar 2018 20:54:53 +0000 (UTC) (envelope-from ascherrer@gmail.com) Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5241D73B85 for ; Mon, 26 Mar 2018 20:54:53 +0000 (UTC) (envelope-from ascherrer@gmail.com) Received: by mail-wm0-x232.google.com with SMTP id x4so5567063wmh.5 for ; Mon, 26 Mar 2018 13:54:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=4j8zTMFpJjfw3dZzl+yuiSyWV+hnhq54ZddF/E92bEw=; b=Ge6vI7xi4SAO3SsrR9kWjW26ubrsL9gwNclZc70JwxIt3dRSBEdVR323k3/MPPZ9BD n93oSbCN7CBCs799UzE+VBPwd4fsQ1Ig/NcVdXmjd/KyWBkYchttPNXOGhIYzgeHZ0z2 5IKFKcBpjmJ18ARuDgii8W0Lgc0FNtq9FSwRkwgjO8kLE9D37LwRt3FUw/fvuf76PKOn SHnt9iaIXob0E+BY2ONXzP5fOylMCdUuw4xeGtW4MGVhuVYXtX0Fb8+SpAjQ/OKYrnD6 QjQNJwHYqley8S0fMlLh8HjFzLsDhrN+ymSQtywzTOCoCRUf+QSlUSQNu0WQEtmBxEDG Zv+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=4j8zTMFpJjfw3dZzl+yuiSyWV+hnhq54ZddF/E92bEw=; b=r+DqG+v5VWH94ApmAX/zLsfnbASVtXnybcglG1PAPTDtCpcM4hGXQ6zuaNtAQuxk4S /MvMFVpxanOyCCm2rvD9ywepWqVnLS28UsX1r3ZeLTn1NzMax9jfAvDJ8S2M366MpKOQ /bEZgTcFexvY9HIWuhAUu3t4uivwlYm/WmZuoxMlFRJTiuO1FPvTUTSfR3eSgd2iJFLe zRxn6WobIKMVnE8nWDVmJ7wqp+5iIt8YbSPtvi+pVK1BMv2BWsldLlUp//9TKqF4erCq H5KqN0JKwi3udRWZXrRn1Zk5+G9Hd8ny2C6k0sg7kdoGKkJBgO7C+Y+HMO2vLcCTArxf Z42g== X-Gm-Message-State: AElRT7EgvyfF+1fuXXybv6bnm4GoPuZFnazv1K9Gb+foJxqF7WM7MA5u yLgqyyqOD+3xM/tOc5QV9X16AUYc X-Google-Smtp-Source: AG47ELv3/Z+4/VoHmLWFVj4RRSV/64CcfDFrcXwcr0YGf4ldn4BioZThbrHvNGKcBTyowI+Nu4ZnTg== X-Received: by 10.80.149.237 with SMTP id x42mr40495555eda.99.1522097692097; Mon, 26 Mar 2018 13:54:52 -0700 (PDT) Received: from juntos.woohoo.ch ([2a02:168:681c:460:3cad:c4fc:4f61:171]) by smtp.gmail.com with ESMTPSA id b47sm10995970ede.13.2018.03.26.13.54.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Mar 2018 13:54:51 -0700 (PDT) Subject: Re: Same host or different? How can you tell "over the wire"? To: freebsd-net@freebsd.org References: <4903.1521667183@segfault.tristatelogic.com> From: Andreas Scherrer Message-ID: <4ec7815d-f085-acd2-56ce-c3deefe3e307@gmail.com> Date: Mon, 26 Mar 2018 22:54:50 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <4903.1521667183@segfault.tristatelogic.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Mar 2018 20:54:54 -0000 Hi rfg On 21.03.18 22:19, Ronald F. Guilmette wrote: ... > Is there any method which can be applied to A and A' over the > Internet and which could reliably differentiate these two possible > cases from one another (i.e. a single common host versus two separate > hosts)? That is an interesting question (or thought experiment). I would say the answer is unfortunately a boring "no". Assuming that there IS such a method, it would have to make the decision based on (a set of) "features" in the network traffic it sees. Now there MUST be something that can be changed/mangled/tuned in the traffic that is generated by a single machine to trick the scanner into thinking that it is looking at two different machines. Whatever the "features" are, changing at least one of them must be possible. Or am I missing something? Cheers andreas