Re: backbone transparent proxy / connection hijacking

[Jeremy Porter <jerry () freeside fc net>]

In message <3.0.5.32.19980628014919.01258e00 () priori net>, "Patrick W. Gilmore" 
writes:
> At 09:37 PM 6/27/98 -0500, Jeremy Porter wrote:
> > Cisco policy routing can use source IP address for deciding to pass
> > traffic to the cache engine.  The cache engine, normaly can be
> > configured to exempt destination.  I believe that this fixes both
> > issues. Expecting the customer to be able to have a clue to
> > go to a www page is a bit much, tho.  Some customers have setup
>
> I find it ridiculous to suggest that an ACL be built and modified for each
> and every "broken" thing you find.  I wouldn't be surprised if the
> resources necessary to keep this up - especially considering the potential
> customer dissatisfaction it *will* cause - outweighs the benifit of the cache.

Well it wound be ideal for the cache vendor to fix the broken things,
or supply technical fixes to the broken sites in question.
I don't think it is unreasonable for people to follow RFCs and Best
Current Pratices documents.  Perhaps if all this crappy software
out there wouldn't be a problem if we didn't have to patch the applications
at the network level.  There is absolutly no technical reason why
browsers cannot autoconfigure for caching EVERY time.  Netscape and
Micsosoft are not interested in implementing this.  (All they have
to do is setup a source address registry for caches.)

> > IP based authentication on their NT server, but can't figure out how
> > to configure SLL which wouldn't be cached, and would be more secure.
> > The burden of making this work is on the cache operator.  Also it turns
> > out that the sites with the most problems with the cache are the ones
> > paying the least money for service.  Its hard to feel very sorry for
> > a $20/month dialup customer, who is connecting to his coporate site
> > with a broken NT server. 
>
> If you are just now figuring out that there are users who are clueless on
> the Internet, you're way behind the curve.  If you figured this out a long
> time ago and have simply dismissed those users - even the $20/mo dialup
> customers - as "hard to feel very sorry for", then I'm surprised you are
> still in business.

Please this sort of attack is really uncalled for.  If you don't understand
the business case for not supporting all users, them I'm surprised you
are in business.  Some customers demands exceed the value of the customer.
90% of the support costs are from 10% of the user base.  Why spend that
money when you don't have to.  I could give you a list of companies
with similar stratagies, just to rub your face in your comments, as
those companies are doing a lot better than yours.

> I give all of my users transit to their desired destination when the pay me
> for it.  Not just those cluefull enough to configure exceptions to the
> proxy services I have decided to ram down their throat - without their
> foreknowledge or consent.
>
> You are, of course, welcome to do as you please on your network.

If you want to spending 30% more than I do to service a customer base
that is 10% of the revenues, please feel free.

> > Jeremy Porter, Freeside Communications, Inc.      jerry () fc net
>
> TTFN,
> patrick
>
> **************************************************************
> Patrick W. Gilmore                      voice: +1-650-482-2840
> Director of Operations, CCIE #2983        fax: +1-650-482-2844
> PRIORI NETWORKS, INC.                    http://www.priori.net
>              "Tomorrow's Performance.... Today"
> **************************************************************

---
Jeremy Porter, Freeside Communications, Inc.      jerry () fc net
PO BOX 80315 Austin, Tx 78708  | 512-458-9810
http://www.fc.net