Re: dns interceptors

[Steven Bellovin <smb () cs columbia edu>]

On Feb 14, 2010, at 6:54 PM, Mark Andrews wrote:

> In message <alpine.GSO.2.00.1002141746410.9929 () clifden donelan com>, Sean Donel
> an writes:
> > On Sun, 14 Feb 2010, Randy Bush wrote:
> > > > ssh tunnels to IP address
> > > i am often on funky networks in funky places.  e.g. the wireless in
> > > changi really sucked friday night.  if i ssh tunneled, it would multiply
> > > the suckiness as tcp would have puked at the loss rate.
> > > smb whacked me that i should use non-tcp tunnels.
> >
> > Their network, their rules; your network, your rules; my network, my 
> > rules.
>
> There is also "truth in advertising" laws.  If they advertise
> "Internet" access then you should get the "Internet" not a cut down /
> filtered version.

Yes -- and as a reward for your expertise, you get to explain the problem with a transparent DNS proxy to the judge.  
For bonus points, explain it to a jury....

                --Steve Bellovin, http://www.cs.columbia.edu/~smb