nanog mailing list archives

Re: Enterprise Internet - Question


From: Owen DeLong <owen () delong com>
Date: Thu, 14 Jul 2011 19:37:16 -0700


On Jul 14, 2011, at 7:00 PM, Jimmy Hess wrote:

> On Thu, Jul 14, 2011 at 2:34 PM, Jeff Cartier
> <Jeff.Cartier () pernod-ricard com> wrote:
>> - How should/can an enterprise deal with accessibility to internet content issues? (i.e. that whole coming
>> from a Canadian IP accessing US content)
>
> You indeed might feed traffic towards such "IP restricted" sites
> through a transparent proxy server,
> or policy NAT based on destination IP, reducing all traffic towards
> those sites from "canadian"
> ranges, to a pool of source IP addresses.
>
> Just to take a jab at absurd "content restriction" by IP methods, a reminder...
> There's no such thing as a "US" IP address. There's no such thing as
> a Canadian IP address.
>
> There are IPs delegated to network operators who have an AS in certain
> countries,
> but that is no proof of country of origin.
>
> What "country" is an IP address located in when it is assigned to a
> terminal server, VPN server,
> or proxy server in country $X, and there are authorized users that connect
> from 16 different countries?
>
> --
> -JH

Yep.... And let us also not forget that people travel. Imagine my surprise
when I tried to log into Wells Fargo from Kigali and got the message that
"You have authenticated successfully, but, we don't trust your current
location. Everything will be fine when you log in from home."

Of course, I did the seemingly obvious thing and logged in from home.
Yeah, not so much. That got my account completely locked out and took
a 2.5 hour phone call (well, series of phone calls, maintaining a VOIP
connection from Kigali for that long wasn't happening) where I had
to escalate up three levels of support representative before reaching
someone who could understand what VNC was and that it was indeed
possible for me to control my computer in the US from my laptop in
Kigali and that I had indeed legitimately logged in from both locations
about 2 minutes apart.

To the best of my knowledge, while this person reset my account so that
I could log in (from my house), I don't think Wells Fargo has any intention
of rethinking their geo-IP based restrictions on logging in.

So, if you travel, consider carefully whether to try and log into something
directly vs. doing so over VNC.

Owen
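
Added example, not part of the original message and not Wells Fargo's actual logic: a minimal geo-velocity ("impossible travel") check of the kind the anecdote above runs into, showing that a legitimate remote-desktop session trips it because geo-IP locates the source address rather than the person. The coordinates, timestamps, field names, the 1000 km/h threshold and the step-up response are all assumptions made for illustration.

```python
import math
from datetime import datetime, timedelta

MAX_KMH = 1000.0  # assumed plausibility ceiling (about airliner cruise speed)

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def implied_kmh(prev, cur):
    """Speed one person would need to be behind both source IPs."""
    hours = abs((cur["time"] - prev["time"]).total_seconds()) / 3600
    dist = haversine_km(prev["geo"], cur["geo"])
    if hours == 0:
        return math.inf if dist > 0 else 0.0
    return dist / hours

def evaluate(prev, cur, home_country="US"):
    """Decide what to do with a login that already passed authentication."""
    if prev is not None and implied_kmh(prev, cur) > MAX_KMH:
        # Geo-IP locates the source address, not the person: a remote desktop,
        # VPN or proxy session produces exactly this pattern for a real user.
        return ("step_up", "impossible travel")
    if cur["country"] != home_country:
        return ("step_up", "unfamiliar country")
    return ("allow", "ok")

# Constructed events modelled on the message: a direct login from Kigali, then
# one about 2 minutes later from the US home machine driven over VNC.
T0 = datetime(2011, 7, 1, 12, 0)  # constructed timestamp
KIGALI = {"time": T0, "country": "RW", "geo": (-1.95, 30.06)}
HOME = {"time": T0 + timedelta(minutes=2), "country": "US",
        "geo": (37.0, -122.0)}  # placeholder US coordinates
NEXT_DAY = {"time": T0 + timedelta(days=1), "country": "US",
            "geo": (37.0, -122.0)}

if __name__ == "__main__":
    print(evaluate(None, KIGALI))    # first sighting abroad
    print(evaluate(KIGALI, HOME))    # the VNC login from home
    print(evaluate(HOME, NEXT_DAY))  # ordinary login from home later
```

Both flagged logins here ask for an additional factor rather than locking the account; that response is a design choice of this example.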


