I was scanning for transparent proxies/MiTM and found this while scanning the ntp.org site:
joe@APP05:~$ dig cn.pool.ntp.org
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cn.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42856
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cn.pool.ntp.org. IN A
;; ANSWER SECTION:
cn.pool.ntp.org. 150 IN A 5.79.108.34
cn.pool.ntp.org. 150 IN A 85.199.214.100
;; Query time: 457 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Jul 06 09:13:11 EDT 2018
;; MSG SIZE rcvd: 65
joe@APP05:~$ nmap -sT cn.pool.ntp.org -p 80
Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-06 09:09 EDT
Nmap scan report for cn.pool.ntp.org (202.100.138.68)
Host is up (0.23s latency).
Other addresses for cn.pool.ntp.org (not scanned): 120.25.115.19 202.112.10.37
rDNS record for 202.100.138.68: cache2.qhxnptt.net.cn
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 2.46 seconds
Aside from the indication of a transparent proxy with TCP port 80 open, why did nmap scan 202.100.138.68 rather than 120.25.115.19 and 202.112.10.37, while the A records for the ntp.org site are 5.79.108.34 and 85.199.214.100 respectively?
Where do these 3 IP addresses come from? I know that the ntp.org site's A records change constantly for load balancing, availability and so on, but that is not the case in this scenario - the A records stay the same. The system running these two commands knows only one resolver, via /etc/resolv.conf (1.1.1.1).
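One defensive check the question invites is to compare what a direct query to the configured nameserver returns with what the libc resolver (the path nmap and most applications use by default) returns for the same name, and to flag the case where the two answer sets do not overlap at all. The script below is an added example, not code from the question or from the dig/nmap projects: it parses the dig answer section and the nmap report lines exactly as they appear above (copied into the script as constructed sample input, not re-queried), compares the address sets, and also carries a small live helper built on `socket.getaddrinfo` so the same comparison can be run on a host. The parsing regexes and the function names are my own assumptions about the output formats shown.

```python
import re
import socket
from typing import Dict, Set

# Constructed sample: the dig answer section and nmap report lines from the
# question, embedded here so the comparison runs offline.
DIG_OUTPUT = """\
;; ANSWER SECTION:
cn.pool.ntp.org. 150 IN A 5.79.108.34
cn.pool.ntp.org. 150 IN A 85.199.214.100
;; Query time: 457 msec
"""

NMAP_OUTPUT = """\
Nmap scan report for cn.pool.ntp.org (202.100.138.68)
Host is up (0.23s latency).
Other addresses for cn.pool.ntp.org (not scanned): 120.25.115.19 202.112.10.37
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+" + IPV4 + r"$")
NMAP_PRIMARY = re.compile(r"^Nmap scan report for (\S+) \(" + IPV4 + r"\)$")
NMAP_OTHER = re.compile(r"^Other addresses for \S+ \(not scanned\): (.+)$")


def parse_dig_a_records(text: str) -> Dict[str, Set[str]]:
    """Return {name: {ipv4, ...}} from the A records in a dig answer section."""
    records: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if m:
            name = m.group(1).rstrip(".")  # drop the trailing root dot
            records.setdefault(name, set()).add(m.group(2))
    return records


def parse_nmap_addresses(text: str) -> Dict[str, Set[str]]:
    """Return {name: {ipv4, ...}} covering the scanned and the 'other' addresses."""
    records: Dict[str, Set[str]] = {}
    current = None
    for line in text.splitlines():
        m = NMAP_PRIMARY.match(line.strip())
        if m:
            current = m.group(1)
            records.setdefault(current, set()).add(m.group(2))
            continue
        m = NMAP_OTHER.match(line.strip())
        if m and current:
            records[current].update(m.group(1).split())
    return records


def compare_resolutions(name: str, direct: Set[str], system: Set[str]) -> dict:
    """Compare addresses from a direct nameserver query with the libc resolver.

    Disjoint sets for the same name, at the same time, on a host with a single
    configured nameserver are the signal worth investigating: something on
    one of the two lookup paths answered differently.
    """
    return {
        "name": name,
        "only_direct": sorted(direct - system),
        "only_system": sorted(system - direct),
        "common": sorted(direct & system),
        "disjoint": not (direct & system),
    }


def system_resolve(name: str) -> Set[str]:
    """Live lookup through the libc resolver (assumed to match nmap's default path).

    Not used by the offline comparison above; call it on a real host and pass
    the result to compare_resolutions() alongside a parsed dig answer.
    """
    return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}


if __name__ == "__main__":
    dig = parse_dig_a_records(DIG_OUTPUT)
    nmap = parse_nmap_addresses(NMAP_OUTPUT)
    for host, direct_addrs in dig.items():
        print(compare_resolutions(host, direct_addrs, nmap.get(host, set())))
```

On the sample above the two sets share no address, so `disjoint` is `True`; on a healthy host, `parse_dig_a_records` of a fresh `dig` run and `system_resolve` of the same name should overlap, allowing for the normal rotation of pool.ntp.org records between queries.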