
SSL Subject CN when PTR (reverse DNS) comes up unknown

Open artmg opened this issue 1 year ago • 1 comments

Thank you very much for your effort in providing and supporting this useful security/privacy utility.

When prompted to Allow or Block a connection you offer the very useful feature of a DNS reverse lookup.

Unfortunately, in the modern day of hyperscaled cloud providers, a PTR lookup may well fail to get you results. Fortunately, many of these services use secure HTTPS connections over port 443, which are predicated on an SSL certificate, and this allows us a means to 'reverse engineer' the identity of the site being connected to.

An example in this case would be to use the nmap script ssl-cert with the IP address, although the devs may know better libraries available for obtaining SSL certificates over HTTPS requests within the LuLu codebase.

```
> nmap -p 443 --script ssl-cert 20.26.156.215/32
Starting Nmap 7.95 ( https://nmap.org ) at 2024-12-31 18:20 GMT
Nmap scan report for 20.26.156.215
Host is up (0.0095s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=github.com
| Subject Alternative Name: DNS:github.com, DNS:www.github.com
```

As you can see, the Subject SN is github.com, which could be a valuable factoid if the reverse DNS lookup offers no record.

Please consider adding this as a new feature onto your development backlog, as it may become increasingly relevant as services are ever more co-hosted on anonymous, transitory servers. I appreciate your consideration. Thanks

artmg avatar Dec 31 '24 19:12 artmg
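
An added example, not part of the original issue or of LuLu's code: one way to implement the fallback requested above, using only the Python standard library. The function names are hypothetical and the sample certificate is constructed. A certificate name is used only when the chain validates against the system trust store, and because no SNI is sent the server answers with its default certificate.

```python
import socket
import ssl

# Constructed sample in ssl getpeercert() format, mirroring the nmap output.
SAMPLE_CERT = {
    "subject": ((("commonName", "github.com"),),),
    "subjectAltName": (("DNS", "github.com"), ("DNS", "www.github.com")),
}

def names_from_cert(cert):
    """Return the subject CN followed by DNS SANs, de-duplicated, in order."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"]
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return list(dict.fromkeys(names))

def ptr_lookup(ip):
    """Reverse DNS; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None

def fetch_validated_cert(ip, port=443, timeout=3.0):
    """Peer certificate as a dict, or None if the connection or chain fails.

    The chain is checked against the system trust store; only the hostname
    check is disabled, since the hostname is what we are trying to learn.
    A certificate that does not validate can claim any name, so it is dropped.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode remains CERT_REQUIRED
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock) as tls:  # no SNI: server's default cert
                return tls.getpeercert()
    except OSError:  # includes ssl.SSLError and timeouts
        return None

def describe_endpoint(ip, port=443, resolve=ptr_lookup, fetch=fetch_validated_cert):
    """Return (source, names); source is 'ptr', 'tls-cert' or 'unknown'."""
    host = resolve(ip)
    if host:
        return "ptr", [host]
    cert = fetch(ip, port)
    names = names_from_cert(cert) if cert else []
    return ("tls-cert", names) if names else ("unknown", [])
```

The returned source tag lets a prompt show a certificate-derived name differently from a PTR result, since the two carry different assurances.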

This is a great idea 💡

objective-see avatar Jan 02 '25 02:01 objective-see