nanog mailing list archives
Re: Breaking the internet (hotels, guestnet style)
From: Shane Ronan <sronan () fattoc com>
Date: Tue, 8 Dec 2009 11:12:30 -0500
Juniper SSL VPN FTW!

On Dec 7, 2009, at 9:48 PM, Steven Bellovin wrote:

On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote:

On Dec 7, 2009, at 5:29 PM, John Levine wrote:

Will be interesting to see if ISPs respond to a large scale thing like this taking hold by blocking UDP/TCP 53 like many now do with tcp/25 (albeit for other reasons).

Therein lies the problem with some of the "net neutrality" arguments .. there's a big difference between "doing it because it causes a problem for others", and "doing it because it robs me of revenue opportunities".

I do hear of ISPs blocking requests to random offsite DNS servers. For most consumer PCs, that's more likely to be a zombie doing DNS hijacking than anything legitimate. If they happen also to block 8.8.8.8 that's just an incidental side benefit.

I've found more and more hotel/edge networks blocking/capturing this traffic. The biggest problem is they tend to break things horribly and fail things like the oarc entropy test. They will often also return REFUSED (randomly) to valid well formed DNS queries. While I support the capturing of malware compromised machines until they are repaired, I do think more intelligence needs to be applied when directing these systems. Internet access in a hotel does not mean just UDP/53 to their selected hosts plus TCP/80, TCP/443.

It's why I run an ssh server on 443 somewhere -- and as needed, I ssh-tunnel http to a squid proxy, smtp, and as many IMAP/SSL connections as I really need...

--Steve Bellovin, http://www.cs.columbia.edu/~smb