nanog mailing list archives
Re: Breaking the internet (hotels, guestnet style)
From: Steven Bellovin <smb () cs columbia edu>
Date: Tue, 8 Dec 2009 16:05:44 -0500
On Dec 8, 2009, at 11:59 AM, Paul Vixie wrote:
> Steven Bellovin <smb () cs columbia edu> writes:
>
>> It's why I run an ssh server on 443 somewhere -- and as needed, I ssh-tunnel http to a squid proxy, smtp, and as many IMAP/SSL connections as I really need...
>
> me too, more or less. but steve, if we were only trying to build digital infrastructure for people who know how to do that, then we'd all still be using Usenet over modems. we're trying to build digital infrastructure for all of humanity, and that means stuff like the above has to be unnecessary.
> --

Right -- which means that we need a *good* solution. "Good" has to encompass not just technical cleanliness, but also operational reality, which includes things like slow software update rates -- both on clients and the hotel infrastructures -- and the very wide variety of client platforms out there.

The problems we're talking about, though, are both competence and policy. There's no intrinsic reason why hotels have to block some ports, especially given that many others do not. They've chosen to, for whatever misguided reason. (Aside: my local library blocks everything but 80 and 443 outbound. I complained to the director; he cited "security". I tried explaining that I knew something about Internet security; he told me that the firm that had installed the system had "done most of the libraries in the county". I translate that as "most of the libraries in the county have broken security policies".)

And competence? Again, we've all seen many different ways certain things are done. I once had to boot into Windows to get a lease because NetBSD just wouldn't deal with the broken DNS packets necessary for the sign-up procedure. After that, I rebooted into NetBSD and configured a static address and route.

--Steve Bellovin, http://www.cs.columbia.edu/~smb