Techniques Posts

Our last post covered some of the ways that Rumble gathers information from DNS services. While working on the tracer implementation, we identified a trick that other folks might find it useful. It turns out that most DNS resolvers do not filter the address ranges they will contact when handling a request, allowing for remote subnet “ping scans” with a little work. This technique isn’t foolproof, and is probably not new, but it may have interesting security implications.