[122441] in North American Network Operators' Group
Re: dns interceptors
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Sun Feb 14 19:00:49 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <201002142354.o1ENsvul072693@drugs.dv.isc.org>
Date: Sun, 14 Feb 2010 18:59:56 -0500
To: Mark Andrews <marka@isc.org>
Cc: North American Network Operators Group <nanog@merit.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 14, 2010, at 6:54 PM, Mark Andrews wrote:
>=20
> In message <alpine.GSO.2.00.1002141746410.9929@clifden.donelan.com>, =
Sean Donel
> an writes:
>> On Sun, 14 Feb 2010, Randy Bush wrote:
>>>> ssh tunnels to IP address
>>> i am often on funky networks in funky places. e.g. the wireless in
>>> changi really sucked friday night. if i ssh tunneled, it would =
multiply
>>> the suckiness as tcp would have puked at the loss rate.
>>> smb whacked me that i should use non-tcp tunnels.
>>=20
>> Their network, their rules; your network, your rules; my network, my=20=
>> rules.
>=20
> There is also "truth in advertising" laws. If they advertise
> "Internet" access then you should get the "Internet" not a cut down /
> filtered version.
Yes -- and as a reward for your expertise, you get to explain the =
problem with a transparent DNS proxy to the judge. For bonus points, =
explain it to a jury....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
