1 comment

[ 0.30 ms ] story [ 11.9 ms ] thread
Very interesting article!

I'm guessing the "anti-portscan technique" is probably just a security device establishing the TCP connection before sending any packets to the real server, although in my opinion you shouldn't be doing this for ports with no service actually listening on them. This is usually known as SYN-proxy.

I was thinking also that for IPv6 addresses not returning the same results as their IPv4 counterparts, it would be interesting to measure latency and run traceroutes to try to guess if they're actually pointing to the same machine in the same datacenter.

Finally, you might have a service listening on one of your IP addresses and not on the others, so that would also make a difference without being a firewall misconfiguration.

The possibilities are many, so it would be great to see if the author extends his research in the near future. I hope he does! :)