[100718] in North American Network Operators' Group
RE: Hey, SiteFinder is back, again...
daemon@ATHENA.MIT.EDU (Frank Bulk - iNAME)
Tue Nov 6 07:22:43 2007
Reply-To: <frnkblk@iname.com>
From: "Frank Bulk - iNAME" <frnkblk@iname.com>
To: "'Stefan Bethke'" <stb@lassitu.de>,
"Stephane Bortzmeyer" <bortzmeyer@nic.fr>
Cc: <nanog@merit.edu>
In-Reply-To: <34F8A848-BF1C-4476-8A8A-3811C7412A80@lassitu.de>
Date: Tue, 6 Nov 2007 06:21:13 -0600
Errors-To: owner-nanog@merit.edu
I believe it's been said here many times before, but when in public venues,
the only way to be sure about anything in regards to traffic filtering and
manipulation is to VPN into your corporate network and bypass all that.
Unfortuanately, it makes streaming the latest episode of Heroes a little
jerky.
Frank
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Stefan Bethke
Sent: Monday, November 05, 2007 11:38 PM
To: Stephane Bortzmeyer
Cc: nanog@merit.edu
Subject: Re: Hey, SiteFinder is back, again...
Am 05.11.2007 um 17:16 schrieb Stephane Bortzmeyer:
> 3) Provide DNS recursors which do the mangling *and* block users,
> either by filtering out port 53 or by giving them a RFC 1918 address
> with no NAT for this port.
>
> I've seen 1) and 2) in the wild and I am certain I will see 3) one day
> or the other.
Just recently in NYC, the hotel "internet" connection did intercept
any UDP traffic to *:53, redirecting it to their resolver. Which did
not only serve their own A records for names that should have returned
NXDOMAIN, but also returned "better" answers than you normally would
get (requesting pages from www.weather.com delivered pages from
www.accuweather.com
). Of course it even did that after I had paid and clicked through
their walled garden site.
Stefan
--
Stefan Bethke <stb@lassitu.de> Fon +49 170 346 0140
