nanog mailing list archives
Re: dns interceptors
From: Sean Donelan <sean () donelan com>
Date: Sun, 14 Feb 2010 18:38:42 -0500 (EST)
On Sun, 14 Feb 2010, Randy Bush wrote:
ssh tunnels to IP addressi am often on funky networks in funky places. e.g. the wireless in changi really sucked friday night. if i ssh tunneled, it would multiply the suckiness as tcp would have puked at the loss rate. smb whacked me that i should use non-tcp tunnels.
Their network, their rules; your network, your rules; my network, my rules.
If you visit lots of funky places, its probably time to learn about tunnelling protocols. If you don't like their network rules, tunnel to a different network with rules you prefer.
Ports 80/443 seem to work as the universal tunnelling ports, along with SSH, VPN, PPTP, IPnIP/IPSEC, etc. Sometimes proxy-tunnel software which encapsulates packets inside HTTP works. AOL and SKYPE seem to successfully tunnel through a lot of stuff. Of course, if you are on a network which doesn't want allow tunnels, e.g. an internal enterprise network, you may not want to do that.
Per-application stuff work sometimes (DNSSEC/TSIG-forwarders, HTTPS, etc), but when allowed I immediately create a tunnel and don't spend time debugging local networks. Some people always use tunnels even when using networks such as the NANOG or IETF conference networks.
Current thread:
- Re: dns interceptors, (continued)
- Re: dns interceptors Oliver Gorwits (Feb 13)
- Re: dns interceptors Randy Bush (Feb 13)
- Re: dns interceptors Jason Frisvold (Feb 14)
- Re: dns interceptors Patrick W. Gilmore (Feb 14)
- Re: dns interceptors Jason Frisvold (Feb 14)
- Re: dns interceptors Patrick W. Gilmore (Feb 14)
- Re: dns interceptors John Levine (Feb 14)
- Re: dns interceptors Larry Sheldon (Feb 14)
- Re: dns interceptors Bill Weiss (Feb 14)
- RE: dns interceptors Justin Krejci (Feb 18)
- Re: dns interceptors Sean Donelan (Feb 14)
- Re: dns interceptors Mark Andrews (Feb 14)
- Re: dns interceptors Steven Bellovin (Feb 14)
- Re: dns interceptors Valdis . Kletnieks (Feb 15)
- Re: dns interceptors [SEC=UNCLASSIFIED] John Levine (Feb 12)
- Re: dns interceptors [SEC=UNCLASSIFIED] Brandon Galbraith (Feb 12)
- Re: dns interceptors [SEC=UNCLASSIFIED] Valdis . Kletnieks (Feb 13)
- Re: dns interceptors [SEC=UNCLASSIFIED] Barry Shein (Feb 13)
- Re: dns interceptors [SEC=UNCLASSIFIED] Tony Finch (Feb 15)
- Re: dns interceptors [SEC=UNCLASSIFIED] Randy Bush (Feb 13)