[atlas] HTTPS interception in Atlas probes

• Previous message (by thread): [atlas] USB stick?
• Next message (by thread): [atlas] Probe Fulfilment

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Mar 3 17:22:25 CET 2017

After this excellent talk at NDSS 17
<https://www.internetsociety.org/doc/security-impact-https-interception>,
I wanted to see if there are some Atlas probes behind such an
interceptor. I cannot run on all Atlas probes (maximum daily spending limit) but I've found at least one:

% python cert.py --requested 500 --area North-Central --issuer www.afnic.fr 
497 probes reported
[<X509Name object '/C=NL/O=OCOM/OU=Security Dep/CN=amspan01.ocom.lan/emailAddress=security at leaseweb.com'>] : 1 occurrences 
[<X509Name object '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Extended Validation CA - SHA256 - G2'>] : 496 occurrences 
Test #7854923 done at 2017-03-03T16:20:43Z

The probe is #10035, in Amsterdam
<https://atlas.ripe.net/probes/10035/#!tab-general>

The cert.py program is at
<https://github.com/RIPE-Atlas-Community/ripe-atlas-community-contrib>

• Previous message (by thread): [atlas] USB stick?
• Next message (by thread): [atlas] Probe Fulfilment

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]