zlacker

[return to "Why does 1.1.1.1 not resolve archive.is?"]
1. ggm+N2[view] [source] 2019-10-04 06:10:48
>>stargr+(OP)
ECS is not equivalent to 'send the IP' but is revealing.

the fact that I subsequently connect to another place over HTTP or some other protocol is distinct from telling a DNS authority who is asking a question about a domain name: the article implies "its the same leakage" but it isn't: different people get told.

◧◩
2. cnst+53[view] [source] 2019-10-04 06:13:43
>>ggm+N2
What's the actual meaningful difference, though? ECS is limited to a /24 anyways, so, it doesn't even reveal the exact IP address in any case.
◧◩◪
3. majews+cd[view] [source] 2019-10-04 08:35:31
>>cnst+53
Even if ECS only reveals your /24, immediately afterwards you're going to connect to the service with your own IP, so Eve can correlate the pair of domain name and /24 from the ECS request with the source IP from the TCP connection to match your IP with the domain name you're navigating to.
[go to top]