[120000] in North American Network Operators' Group


Breaking the internet (hotels, guestnet style)

daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Dec 7 18:02:04 2009

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <20091207222912.10709.qmail@simone.iecc.com>
Date: Mon, 7 Dec 2009 18:00:40 -0500
To: John Levine <johnl@iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Dec 7, 2009, at 5:29 PM, John Levine wrote:

>> Will be interesting to see if ISPs respond to a large scale thing like
>> this taking hold by blocking UDP/TCP 53 like many now do with tcp/25
>> (albeit for other reasons). Therein lies the problem with some of the
>> "net neutrality" arguments .. there's a big difference between "doing it
>> because it causes a problem for others", and "doing it because it robs
>> me of revenue opportunities".
>
> I do hear of ISPs blocking requests to random offsite DNS servers.
> For most consumer PCs, that's more likely to be a zombie doing DNS
> hijacking than anything legitimate.  If they happen also to block
> 8.8.8.8 that's just an incidental side benefit.

I've found more and more hotel/edge networks blocking/capturing this traffic.

The biggest problem is they tend to break things horribly and fail things
like the oarc entropy test.

They will often also return REFUSED (randomly) to valid well formed DNS queries.

While I support the capturing of malware compromised machines until they are
repaired, I do think more intelligence needs to be applied when directing
these systems.

Internet access in a hotel does not mean just UDP/53 to their selected hosts
plus TCP/80, TCP/443.

The University of Michigan Hospitals have a guestnet wireless that is ghetto
and blocks IMAP over SSL.  Attempts to get them to correct this have fallen on
deaf ears.  I can't even VPN out to work around the silliness, which typically
works in other hotel/guestnet scenarios.

Providers to avoid: US Signal Corporation. (64.141.138.226 was my natted IP
in a Hampton Inn despite whois/swip).

- Jared

